Industry Trends

DDoS: A Brief History, Part II

By Stefanie Hoffman | March 27, 2013

In our last blog, we discussed DDoS, detailing the chronology of the DDoS attack from an early attack used by hackers to gain notoriety and wreak havoc to a sophisticated cybercrime tool used for monetary gain.

In this Part II, gathered from information provided by FortiGuard AV analyst Karine de Ponteves, we discuss the latest iteration of DDoS – specifically, how the attack is leveraged to disrupt government and corporate systems to make a political statement and mobilize users to action – a phenomenon known as hacktivism. Finally, we’ll look at the future of the DDoS as attack methods become more varied and complex.

2010: DDoS and Hacktivism:

In 2010, the media zoomed in on the prevalence of high-profile DDoS attacks. Rather than financial gain, political events and ideological issues spurred their proliferation into status quo. With each new incident, hackers increased attack volumes. For the first time, attacks broke the 100 Gbps barrier, representing 22,000 times the average bandwidth of an Internet user in the U.S. in 2010, according to de Ponteves.

Perhaps the attack that best epitomizes the hacktivist movement is the sustained assault against the sites of Visa, MasterCard, PayPal and others, imposed by global hacker collective Anonymous in regards to controversial whistleblower site Wikileaks.

In December 2009, Julian Assange’s renowned site Wikileaks came under fire after publicizing secret government cables. Wikileaks ignored the mandate, raising the ire of government agencies and corporate service providers.

Still a relatively unknown entity, hacker group Anonymous came to Wikileaks’ defense in a retaliatory campaign called Operation Payback. The group targeted numerous credit card and banking institutions that had terminated service with Wikileaks. The attacks knocked down MasterCard’s and Visa’s sites, shedding light on their online systems’ vulnerabilities and leading many to question the companies’ overall security practices.

The DDoS tool du jour? Anonymous used a “Low Orbit Ion Cannon (LOIC).” Initially, LOIC was an open-source tool for load testing, designed to conduct stress tests for Web applications. But it had a lot of power behind its punch, and it didn’t take long for Anonymous hackers to leverage the tool in its agenda, bringing popular and secure Web sites to their knees with just a few clicks.

2012 and Beyond: The Rise of Application Based Attacks

Cybercriminals today have access to a diverse range of DDoS attack methods. However, most attacks can be put in one of two categories:

Volumetric attacks saturate the network bandwidth and infrastructure.

Application-layer attacks target specific services by exhausting their resources. They differ from older DDoS attacks in that they’re stealthier than most flooding tools and use less bandwidth, which makes them more difficult to detect. An application-layer DDoS attack can render a Web server inaccessible, while feasibly leaving all other services intact.

Application-layer attacks helped streamline the execution of DDoS. In fact, thanks to their ease-of-use capabilities, the number of DDoS attacks has increased by 20 to 45 percent. The trend toward application-layer attacks is unmistakable and not likely to reverse any time soon.

That doesn’t mean other DDoS attacks will experience a slowdown. Quite the contrary, according to de Ponteves: Both types of attacks will only become more powerful and destructive.

Case in point: A Verizon Data Breach report indicated numerous high-profile application-layer attacks hiding behind volumetric attacks. When executed in tandem, these were used to obscure data theft efforts. The net-net? Cybercriminals are relying on more complex, multi-layer DDoS assaults to obscure the true attack target.

DDoS attacks are on the same trajectory as many other threats, becoming more sophisticated, stealthy and evasive while targeting a diverse range of platforms and threat vectors. This means organizations can’t afford to be complacent about their DDoS defenses. Traditional methods of detection will be rendered obsolete, and the biggest challenge will be achieving sufficient visibility and context to adequately detect these new threats without slowing or disrupting the legitimate traffic necessary for business success. These factors make a multi-layer strategy essential.

While no one knows how they will evolve, it’s clear DDoS will remain on the forefront of the threat landscape – and top-of-mind for organizations – for the foreseeable future.

Join the Discussion