A large number of DDoS attacks were observed last year, and according to recent predictions, these attacks are set to continue at an increased rate in 2016. They are going to be roomier this time. Today, DDoS attacks are almost unnoticeable. They are no longer the preserve of bad actors who hide in their bedrooms, coding to carry out protests. These attacks have the strength to cause significant damage.
All those who were affected by last year's Carphone Warehouse and TalkTalk breaches will understand this. DDoS attacks have become more sophisticated, frequent and deceptive. They are no longer designed just to deny service; they can also deny security by acting as a disguise for more sinister activities, such as data theft or network infiltration.
These attacks are called ‘Dark DDoS’ because they act as a dark shield that diverts the attention of IT teams from the real attack that is taking place. The real attack can see your data exfiltrated, vulnerabilities in your network mapped, or a range of other risks that surface as a result of the hackers’ actions.
During the last few years, a large number of the attacks that were reported occurred simultaneously. This showed that DDoS was being used as a tool within a wider strategy; in other words, hackers rely on this technique in a very significant way. That said, we need to ask ourselves two questions: how are hackers making use of Dark DDoS, and how can security agencies stay one step ahead to prevent these attacks?
First and foremost, Dark DDoS is a special tool that a hacker uses to get past many legacy DDoS scrubbing center solutions. Before hackers begin flooding a network with traffic, they search for vulnerabilities in the network, which enables them to locate pathways for stealing sensitive data. In 2015, the majority of attacks experienced by Corero customers were less than 1Gbps, and more than 95% of these attacks lasted less than 30 minutes. A traditional scrubbing center will likely miss such an attack, leaving security agencies without a clue when one occurs.
The first publicly reported incident in which a DDoS attack was used in this way was the attack on Carphone Warehouse in August 2015. Carphone Warehouse, a mobile phone reseller, found that its online systems were overflowing with junk traffic while it was in the process of discovering the breach. Similar characteristics were seen in the TalkTalk breach last year and were also observed in numerous cases involving US banks.
With the increase of Dark DDoS, hackers are now able to use whatever means are available to infiltrate a network while distracting security personnel with the DDoS traffic. Meanwhile, the services running on such networks are still functional and remain vulnerable to attack. Furthermore, with such a smokescreen hiding the central issue, the breach attempt itself, from security personnel, the job of halting such an attack has become increasingly difficult.
The underlying problem of Dark DDoS is fast increasing and worsening, because these days DDoS attacks are automated. Security operations at Corero have already seen a marked rise in the automation of the DDoS tools that are being deployed. Automation allows hackers to chain techniques: if a first technique such as DNS flooding is unsuccessful, a second technique such as UDP flooding is enacted automatically. This continues until the targeted environment is successfully compromised. These tools react in real time, and they know when they are successful. Their speed has made it impossible for human intervention to compete with them.
By deploying an in-line DDoS mitigation solution that is always on and acts automatically, security personnel can mitigate DDoS events in real time. This will help security agencies stay one step ahead and monitor every move.
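One check an always-on monitor can run against the smokescreen pattern described above, shown as an added example that is not from Corero or the original article: it finds short inbound flood windows and flags any internal host whose outbound volume spikes while the flood is in progress. The per-minute telemetry format, the host addresses and the two factor thresholds are assumptions; the 1 Gbps and 30 minute figures are the ones quoted in the article.

```python
from statistics import median

FLOOD_FACTOR = 5   # assumed: inbound >= 5x the median rate marks a flood minute
EXFIL_FACTOR = 10  # assumed: outbound >= 10x a host's quiet-time median is suspicious
SMALL_BPS = 1e9    # article figure: most attacks were under 1 Gbps
SHORT_MIN = 30     # article figure: over 95% lasted under 30 minutes

def flood_windows(samples):
    """Group consecutive flood minutes into (start, end, peak_bps) tuples."""
    base = median(s["in_bps"] for s in samples)
    windows = []
    for s in samples:
        if s["in_bps"] < FLOOD_FACTOR * base:
            continue
        if windows and s["minute"] == windows[-1][1] + 1:
            start, _, peak = windows[-1]
            windows[-1] = (start, s["minute"], max(peak, s["in_bps"]))
        else:
            windows.append((s["minute"], s["minute"], s["in_bps"]))
    return windows

def exfil_under_cover(samples):
    """Flag hosts whose outbound volume spikes while a flood is in progress."""
    windows = flood_windows(samples)
    flood_minutes = {m for a, b, _ in windows for m in range(a, b + 1)}
    findings = []
    for host in sorted({h for s in samples for h in s["out_bytes"]}):
        quiet = [s["out_bytes"].get(host, 0) for s in samples
                 if s["minute"] not in flood_minutes]
        base = max(median(quiet), 1) if quiet else 1
        for start, end, peak in windows:
            sent = [s["out_bytes"].get(host, 0) for s in samples
                    if start <= s["minute"] <= end]
            if max(sent) >= EXFIL_FACTOR * base:
                findings.append({
                    "host": host, "window": (start, end), "out_bytes": sum(sent),
                    # Matches the short, sub-saturating profile the article describes
                    "short_and_small": peak < SMALL_BPS and end - start + 1 < SHORT_MIN,
                })
    return findings

def make_samples():
    """Constructed per-minute telemetry: one hour, flood in minutes 20-31."""
    return [{"minute": m,
             "in_bps": 600e6 if 20 <= m <= 31 else 40e6,
             "out_bytes": {"10.0.0.5": 2_000_000,
                           "10.0.0.9": 80_000_000 if 22 <= m <= 29 else 1_000_000}}
            for m in range(60)]
```

Calling `exfil_under_cover(make_samples())` on the constructed data reports only the host that moved data during the 12-minute, 600 Mbps flood; the median baseline assumes floods occupy less than half of the observed period.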