Trojan horse DDoS attacks on the rise

Networks Asia staff
Networks Asia

The greatest DDoS risk for organisations is the barrage of short, low volume attacks which mask more serious network intrusions,  Corero Network Security has warned.

According to new Corero research, which highlights DDoS attack attempts against its customers, short, frequent, low-volume DDoS attacks continue to dominate.

Despite several headline-dominating, high-volume DDoS attacks over the past year, the vast majority (98%) of the DDoS attack attempts against Corero customers during Q1 2017 were less than 10 Gbps per second in volume. In addition, almost three quarters (71%) of the attacks mitigated by Corero lasted 10 minutes or less.

Due to their small size, these sub-saturating attacks tend to go undetected by IT security staff and many DDoS protection systems. However, they are just disruptive enough to knock a firewall or intrusion prevention system (IPS) offline so that the hackers can target, map and infiltrate a network to install malware and engage data exfiltration activity.

"Short DDoS attacks might seem harmless, in that they don't cause extended periods of downtime. But IT teams who choose to ignore them are effectively leaving their doors wide open for malware or ransomware attacks, data theft or other more serious intrusions,”Corero Network Security CEO Ashley Stephenson explained.

“Just like the mythological Trojan Horse, these attacks deceive security teams by masquerading as a harmless bystander – in this case, a flicker of internet outage – while hiding their more sinister motives.”

In total, Corero customers experienced an average of 124 DDoS attack attempts per month, equivalent to 4.1 attacks per day during Q1 of 2017. This is a 9% increase in attacks over Q4 2016.

“Rather than showing their capabilities in full view, through large, volumetric DDoS attacks that cripple a website, using short attacks allows bad actors to test for vulnerabilities within a network and monitor the success of new methods without being detected. Most cloud-based scrubbing solutions will not detect DDoS attacks of less than 10 minutes in duration, so the damage is done before the attack can even be reported,” Stephenson said.

“As a result, the raft of sub-saturating attacks observed at the beginning of this year could represent a testing phase, as hackers experiment with new techniques before deploying them at an industrial scale.”

While low volume attacks remain the norm, Corero recorded a significant (55%) increase in large DDoS attacks of more than 10 Gbps per second, in Q1 of 2017, compared to the previous quarter. In addition, while the majority of attacks recorded lasted less than 10 minutes, the data also revealed a slight increase in attacks lasting 20 minutes or longer, with these attacks now accounting for nearly a quarter (22%) of all the attacks recorded.

First published in NetworksAsia

Commentary

5G and data center-friendly network architectures

Matt Walker / MTN Consulting

Webscale and transmission network operators' interests are aligning as the 5G era dawns

Matt Walker / MTN Consulting

Webscale and transmission network operators' interests are aligning as the 5G era dawns

Rémy Pascal / Analysys Mason

The launch of 5G by South Korean operators serves as a first benchmark for other operators around the world