Short-burst DDoS attacks used to detect easy-to-infiltrate firms
The quick-trick type of DDoS attack is becoming more commonplace and is being used to disrupt traffic and negatively affect businesses. Most websites aren’t prepared to meet the threat that tests their vulnerability and reaction time.
While Distributed Denial of Service (DDoS) attacks are a somewhat regular occurrence these days, short, shotgun-like bursts of traffic that test the vulnerability of domains and websites have surged in recent months. Vulnerable websites have not been able to prepare for the latest barrage of short, swift attacks.
Unlike the recent devastating attack on GitHub from Chinese sources, which was an ongoing push of traffic dedicated to derailing the site, the short-burst DDoS strain is a quick-duration attack that only takes a few minutes to coordinate and launch each time.
Small and stealthy
Yariv Hazony, Vice President of Product at Sentrix, recently looked at the case of simultaneous, short duration DDoS attacks that target multiple sites, with time being the most important factor in the offensive.
Attackers leverage these short-duration attacks to evaluate which companies and organizations are easiest to infiltrate. We assume that this also has to do with the availability of resources.
Hazony states that these short-burst attacks likely originate from small, private groups that lack the resources necessary to carry out anything on a larger scale. There is an obvious difference here between these and the GitHub attack, which was orchestrated via Baidu, the largest search engine in China.
In their Global IT Security Risks Survey for 2014, Kaspersky Lab surmised that “significant increases in page load times” (52%) was the most commonly reported effect of a DDoS attack, with “slight increase in page load times” reported by 33% of victims.
More severe outcomes included transaction failures in 29% of cases, and complete disruption/complete unavailability of service in 13% of cases. The survey was conducted with a total of 3,900 respondents from 27 countries from varying company sizes.
For Hazony, short-burst attacks are “becoming much more commonplace, whether the goal is to take a site down or if they’re used as a smokescreen to divert site owners’ attention”. After Sentrix were privy to a three-day continuous attack that targeted two domains of a well-known bank, on top of a short-duration spike attack on one of their own Telco customers, the company wants to raise awareness of this new pattern of DDoS aggression.
According to SC Magazine, the average DDoS attack size for 2014 comes in at 7.39 Gbps. Sentrix compared this average with the attacks they witnessed and found that when it comes to short-burst attacks, time is of the essence. Hazony says that “attacks are likely to go under the radar and leave no time to respond”.
Organizations managing multiple web domains must have the ability to “centralize incoming data, preferably by working with the same security vendor across all their domains”.
Organizations should demand this capability from their security vendors, who should also be willing to use data from various customers in order to predict potential attacks on other customers.
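The value of centralizing per-domain data can be seen in a small detector, added here as an example (it is not from Sentrix or the article): a three-minute burst stays below an hourly-average alarm on each domain, while per-minute counts pooled across domains show bursts that start together. The domain names, traffic figures and thresholds are constructed assumptions.

```python
from statistics import median

def sample(burst_start=None, minutes=60, base=100, peak=2000, burst_len=3):
    """Constructed requests-per-minute series with an optional short burst."""
    counts = [base] * minutes
    if burst_start is not None:
        counts[burst_start:burst_start + burst_len] = [peak] * burst_len
    return counts

# Constructed data: one hour of per-minute counts for four domains of one organization.
TRAFFIC = {"shop.example": sample(20), "api.example": sample(21),
           "blog.example": sample(), "pay.example": sample(45)}

def hourly_mean_alarm(counts, limit=300):
    """Coarse per-domain check: alert only if the hourly mean exceeds `limit` (assumed)."""
    return sum(counts) / len(counts) > limit

def find_bursts(counts, factor=5.0, max_len=5):
    """Return (start_minute, length) for runs above factor x median lasting <= max_len minutes."""
    threshold = factor * median(counts)
    bursts, start = [], None
    for minute, value in enumerate(list(counts) + [0]):  # sentinel closes a trailing run
        if value > threshold and start is None:
            start = minute
        elif value <= threshold and start is not None:
            if minute - start <= max_len:
                bursts.append((start, minute - start))
            start = None
    return bursts

def correlate(per_domain, window=2, min_domains=2):
    """Group bursts on different domains that start within `window` minutes of each other."""
    events = sorted((start, domain) for domain, counts in per_domain.items()
                    for start, _ in find_bursts(counts))
    campaigns, i = [], 0
    while i < len(events):
        j = i
        while j + 1 < len(events) and events[j + 1][0] - events[i][0] <= window:
            j += 1
        domains = sorted({d for _, d in events[i:j + 1]})
        if len(domains) >= min_domains:
            campaigns.append((events[i][0], domains))
        i = j + 1
    return campaigns

if __name__ == "__main__":
    for domain, counts in TRAFFIC.items():
        print(domain, "hourly alarm:", hourly_mean_alarm(counts), "bursts:", find_bursts(counts))
    print("simultaneous bursts:", correlate(TRAFFIC))
```

The isolated burst on `pay.example` is still reported by `find_bursts`, but only the pooled view links the two bursts that begin a minute apart.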
The lesson here is that companies need to get their priorities in order so that they’re protected against these often unprovoked attacks. The Kaspersky Lab survey says that preventing DDoS attacks was reported as a top priority for an IT department by only 23% of businesses, with the E-commerce/Online Retail sector scoring the lowest rating at 19%.