UPDATED 22:56 EST / DECEMBER 24 2014

Predicting DDoS into 2015: Distributed attacks will only get badder maybe not bigger

The use of distributed denial of service attacks (DDoS) has become the mainstay of Internet mayhem groups, hacktivist protests, and even hacker warfare. Across 2014 there has been a certain amount of evolution of the tactics seen from previous years, but it’s also the same types of attacks and uses seen in the past years. In fact, old techniques have been resurrected.

To better understand how DDoS affected the industry in 2014 and how security experts can learn from this, SiliconAngle contacted DDoS mitigation experts at Black Lotus and NexusGuard. Black Lotus does network attack mitigation and releases quarterly reports about the nature and activity of DDoS attacks across the Internet. NexusGuard also provides enterprise and business-level solutions for surviving DDoS attacks.

What trends from 2014 can we expect to continue in 2015?

Much of 2014 saw the resurrection of attacks first used in the mid 1990s, says Terrence Gareau, Chief Scientist of Nexusguard. In 2014, reflection attacks became the story of the year: using vulnerable Internet services to “reflect” or “amplify” a small amount of traffic into a massive tsunami of data directed at a target.

He says that 2014 has seen a number of different methods, but Chargen, NTP, and SSDP have made up the majority of attacks this year. Each of these attack-types represents an aspect of network technology bent towards the ill will of attackers.

It also permits a smaller attack to have a much more dramatic effect, which leads to the other takeaway from 2014: the size of the targets is ever-increasing.
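Reflected traffic reaches the victim from the abused service's own UDP port, which gives defenders a simple signal in flow data. The following added example (not from the article or the experts it quotes) groups constructed flow records by target and by the three vectors named above; the record layout, thresholds and function name are assumptions.

```python
from collections import defaultdict

# Well-known UDP service ports for the three vectors the article names.
REFLECTION_PORTS = {19: "chargen", 123: "ntp", 1900: "ssdp"}

# Constructed flow records using documentation IP ranges:
# (src_ip, src_port, dst_ip, protocol, bytes)
SAMPLE_FLOWS = (
    [(f"198.51.100.{i}", 123, "203.0.113.10", "udp", 4000) for i in range(1, 5)]
    + [(f"192.0.2.{i}", 1900, "203.0.113.10", "udp", 5000) for i in range(1, 4)]
    + [(f"192.0.2.{i}", 19, "203.0.113.30", "udp", 9000) for i in (50, 51)]
    + [
        ("198.51.100.200", 123, "203.0.113.20", "udp", 76),     # ordinary NTP reply
        ("198.51.100.201", 443, "203.0.113.10", "tcp", 90000),  # unrelated TCP flow
    ]
)


def summarize_reflection(flows, min_sources=3, min_bytes=10_000):
    """Return {(dst_ip, vector): {"sources": n, "bytes": b}} for likely floods.

    A target is flagged only when many distinct reflectors send it a large
    volume from one service port, so a single legitimate reply is ignored.
    The thresholds are illustrative assumptions, not tuned values.
    """
    stats = defaultdict(lambda: {"sources": set(), "bytes": 0})
    for src, sport, dst, proto, nbytes in flows:
        vector = REFLECTION_PORTS.get(sport)
        if proto != "udp" or vector is None:
            continue  # not one of the tracked reflection vectors
        entry = stats[(dst, vector)]
        entry["sources"].add(src)
        entry["bytes"] += nbytes

    alerts = {}
    for key, entry in stats.items():
        if len(entry["sources"]) >= min_sources and entry["bytes"] >= min_bytes:
            alerts[key] = {"sources": len(entry["sources"]), "bytes": entry["bytes"]}
    return alerts


if __name__ == "__main__":
    for (dst, vector), info in sorted(summarize_reflection(SAMPLE_FLOWS).items()):
        print(f"{dst} {vector}: {info['sources']} reflectors, {info['bytes']} bytes")
```
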

“Big DDoS against big targets—large brands that have high stakes for reputation loss—will continue to occur regularly and gain mainstream media attention,” says Shawn Marck, Chief Security Officer of Black Lotus. “Entertainment, specifically gaming, is at the center of this trend because of the immediate disruption of high numbers of users and subscribers who will quickly confirm and spread word of the attack through social media like wildfire.”

In fact, looking at this year’s proliferation of mayhem groups such as DerpTrolling and LizardSquad—who walk in the wake of 2011’s LulzSec—gaming took some extremely big hits in 2014 and may still have one coming this Christmas holiday.

What did we learn in 2014 that enterprises should know for 2015?

“Size isn’t everything,” says Marck. “While our network is big, we have some customers with networks that are actually bigger. Sheer attack volume isn’t always what disrupts service; mitigation efficacy and expertise matter just as much.”

There are a number of tools out there for launching DDoS attacks and for taking advantage of vulnerable systems for reflection attacks, such as 4chan’s Low Orbit Ion Cannon (which DerpTrolling often cites using).

Sometimes these tools are used to attack a site and lag it offline in a fit of childish whimsy as groups duke it out, attacking forums or communities the groups disagree with. Then there are mayhem groups such as DerpTrolling and LizardSquad, who hit large gaming businesses because of the potential for disruption, for no other reason than “for the lulz.” Others, such as past hacktivist efforts, have hit government web pages, the FBI, and the CIA to make a political point. Finally, some groups have been seen to use DDoS as part of a campaign of infiltration or to cover another type of attack.

“DDoS is not just a single event and attackers may use it as a smoke screen to cover up hacking attempts to get into enterprise networks,” adds Gareau. “DDoS events or campaigns will take up a large number of IT resources.”

DDoS has been fielded in all these ways since the inception of the Internet and came into vogue, seemingly only recently, in the 2010s, so it is most certain that these sorts of attacks will not be coming to an end. And, because volume isn’t everything, it’s more likely 2015 will see an increase in overall sophistication of techniques, patterns, and tactics.

Both Marck and Gareau agree that for any business with an Internet presence the possibility of DDoS attack continues to be real and some sort of mitigation should be in place. That is not necessarily because any given business will become the target of an attack, but because attackers hitting neighbors can be equally devastating.

