Wednesday, April 17, 2013

Cyber Attacks Approach 'Armageddon Scenario'

The average bandwidth seen in distributed denial-of-service (DDoS) attacks has recently increased by a factor of seven, jumping from 6 Gbps to 48 Gbps.

Furthermore, 10% of DDoS attacks now exceed 60 Gbps.

As DDoS attack sizes increase, so do fears of an Armageddon scenario, in which the attack disrupts not only the targeted site but also every site or service provider in between.

According to Prolexic's report, the largest single attack it has mitigated to date occurred in March, when an "enterprise customer" was hit with an attack that peaked at 130 Gbps. While that wasn't equal to the 300 Gbps attack experienced by Spamhaus, it is still far more than most businesses can handle, unless they work with their service provider or third parties to build a better DDoS mitigation defense.

The source of an attack doesn't mean that a country's government, or even criminal gangs, are directly responsible for launching DDoS campaigns.

For example, the Operation Ababil bank disruption campaign being run by al-Qassam Cyber Fighters relies in part on hacking into vulnerable WordPress servers and installing such DDoS toolkits as "itsoknoproblembro" (aka Brobot).

Attackers then use command-and-control servers to issue attack instructions to the toolkits, thus transforming legitimate websites into DDoS launch platforms.