FBI crackdown reduced denial-of-service attack sizes by 85 percent
The Federal Bureau of Investigation shut down 15 of the world's largest distributed denial-of-service (DDoS) for-hire websites in December, leading to an 85 percent reduction in attack size worldwide.
That’s according to today’s report from Nexusguard, a cybersecurity company that mitigates DDoS attacks. The FBI crackdown was announced Dec. 20 and led to the shutdown of numerous websites that would sell high-bandwidth internet attack services under the guise of “stress testing.”
Examples of DDoS-for-hire websites include the Lizard Stresser, a criminal service produced by Lizard Squad, a hacker group best known for the 2014 Christmas Day attack on the Xbox Live and PlayStation Network. Stressers, or booters, Nexusguard explains, are websites that allow people to pay money to have a tsunami of internet traffic directed at a particular service, knocking it offline for a period of time.
These attack services take advantage of vulnerabilities discovered in internet devices — such as connected video cameras, wireless routers, smart products and even cloud services — using bots to generate useless internet traffic that overwhelms legitimate traffic going to a website or internet service.
According to a recent report from Kaspersky Lab, DDoS attacks can cost small and medium businesses around $123,000 per attack, while large enterprise organizations fare worse, with expenses exceeding $2.3 million on average per attack.
Nexusguard’s research shows that aside from the reduction in average attack size, the maximum attack size has also fallen by 24 percent. The company believes that the 15 services taken down by the FBI represented 11 percent of all attacks worldwide and that the reduction in attack bandwidth has shown the crackdown was effective.
“Seizing command-and-control servers, booters and other resources has been a big part of the FBI’s fight against cybercrime,” said Juniman Kasman, chief technology officer for Nexusguard. “But this shutdown only scratches the surface of a global problem.”
The Nexusguard report also warned that this is probably only a temporary reprieve. The proliferation of bot networks, newly found vulnerabilities and the ever-growing number of smart devices and internet of things nodes continues to increase the potential attack capabilities used by these services.
“While booters are visible targets, businesses must also manage the vulnerabilities that stem from unpatched hardware and software, human error and new attack methods, especially as the footprint of IoT expands,” Kasman said.
Attacks that used Hypertext Transfer Protocol Secure, the most common encrypted protocol for retrieving websites, ranked third-highest during this quarter, in comparison to User Datagram Protocol and Simple Service Discovery Protocol attacks.
Although average attack sizes dropped, attack durations increased more than 175 percent from last year, lasting more than 450 minutes on average. Attacks also tended to occur during peak service hours for the target in order to maximize disruption.
China led in the number of outgoing DDoS attacks at 23 percent, and the United States took second place with 18 percent.