There has been an increase in newer, intelligent application-layer DDoS attacks that are extremely difficult to identify “in the cloud,” and often go undetected until it is too late, according to Corero Network Security.
We’re also witnessing an uptick in attacks against corporations by hacktivists DDoS-ing sites for political and ideological motives, rather than financial gain. Attacks against Mastercard, Visa, Sony, PayPal and the CIA top the list.
“The cat-and-mouse game between IT administrators, criminals and hacktivists has intensified in 2011 as the number of application-layer DDoS attacks has exploded. Coupled with an increase in political and ideological hacktivism, companies have to be extremely diligent in identifying and combating attempts to disable their websites, steal proprietary information and to deface their web applications,” said Mike Paquette, chief strategy officer, Corero Network Security.
1. Anonymous DDoS attacks on WikiLeaks “censors” Visa, MasterCard and PayPal
The most significant DDoS attack so far this year, the WikiLeaks-related DDoS attacks on Visa, MasterCard and PayPal were both Anonymous’ “coming out” party, and the first widespread example of what has been dubbed “cyber rioting” on the Internet, with virtual passersby joining in the attack voluntarily.
2. Sony PlayStation Network DDoS
A shocking wake-up call for many gamers, customers and investors, the Sony PlayStation Network DDoS attack began a series of cyber attacks and data breaches that damaged Sony financially and hurt its reputation.
3. CIA and SOCA hit by LulzSec DDoS attacks
The appearance of LulzSec on the cyber attack scene, highlighted by bold DDoS attacks on the CIA and the U.K. Serious Organised Crime Agency (SOCA), made us wonder if anyone was safe on the Internet.
4. WordPress DDoS
A massive DDoS attack disrupted one of the world’s largest blog hosts, affecting some 18 million websites. The huge attack hit the company’s data centers with tens of millions of packets per second.
5. Hong Kong stock exchange
This DDoS attack had a major impact on the financial world, disrupting stock market trading in Hong Kong. This was a highly leveraged DDoS attack, potentially affecting hundreds of companies and individuals through a single target.
Corero’s recommendations for mitigating the effects of DDoS attacks:
1. Create a DDoS response plan
As with all incident response plans, advance preparation is key to rapid and effective action, avoiding an “all-hands-on-deck” scramble in the face of a DDoS attack. A DDoS response plan lists and describes the steps an organization should take if its IT infrastructure is subjected to a DDoS attack.
Increasingly, Corero is seeing that DDoS attacks against high-profile targets are intelligent, determined and persistent. This new breed of highly capable attackers will switch to different attack sources and alternative attack methods as each new attempt is countered or fails. It is therefore essential that the DDoS response plan defines when and how additional mitigation resources are engaged and surveillance tightened.
2. On-premises DDoS defenses are imperative
Clean pipe Internet connections provided by ISPs offer a false sense of security. On-premises DDoS defense solutions installed immediately in front of application and database servers are required to provide a granular response to flooding type attacks, as well as to detect and deflect the increasingly frequent application-layer DDoS attacks. For optimal defense, on-premises DDoS protection solutions should be deployed in concert with automated monitoring services to rapidly identify and react to evasive, sustained attacks.
3. Protect your DNS servers
DNS servers are often targeted by DDoS attacks. If the attacker can disrupt DNS operations, all of the victim’s services may disappear from the Internet, causing the desired denial-of-service effect.
4. Know your real customers
A brute-force or flooding type of DDoS attack is relatively easy to identify, though it requires high performance and sophisticated real-time analysis to recognize and block attack traffic while simultaneously allowing legitimate traffic to pass.
Detection of the more insidious application layer attacks requires a thorough understanding of the typical behaviors and actions of bona fide customers or employees accessing the applications being protected. In much the same way that credit card fraud detection may be automated, on-premises DDoS defense systems establish legitimate usage profiles in order to identify suspicious traffic and respond accordingly.
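The usage-profile approach described above, as an added example that is not Corero’s code: it learns each client’s request rate and share of expensive endpoints from a known-good window of constructed access-log lines, then flags clients in a later window that sit more than k standard deviations above that baseline. The log format, the 198.51.100.x/203.0.113.x addresses and the list of expensive endpoints are all assumptions.

```python
"""Added example (not Corero's code): profile legitimate clients from a known-good
access-log window, then flag later clients that depart from it. Log format is constructed."""
from collections import Counter, defaultdict
from statistics import mean, pstdev

EXPENSIVE = ("/search", "/login", "/report")  # assumed CPU/DB-heavy endpoints

def parse(lines):
    """Yield (epoch, ip, path) from "<epoch> <ip> <method> <path> <status>"; skip bad lines."""
    for line in lines.splitlines():
        p = line.split()
        if len(p) == 5 and p[0].isdigit():
            yield int(p[0]), p[1], p[3]

def client_stats(lines):
    """Per client: (requests per active minute, share of expensive endpoints)."""
    minutes, hits, heavy = defaultdict(set), Counter(), Counter()
    for ts, ip, path in parse(lines):
        minutes[ip].add(ts // 60)
        hits[ip] += 1
        heavy[ip] += int(path.startswith(EXPENSIVE))
    return {ip: (hits[ip] / len(minutes[ip]), heavy[ip] / hits[ip]) for ip in hits}

def build_profile(baseline_lines):
    """Mean and standard deviation of both metrics across known-good clients."""
    rates, shares = zip(*client_stats(baseline_lines).values())
    return {"rate": (mean(rates), pstdev(rates)), "heavy": (mean(shares), pstdev(shares))}

def flag_clients(window_lines, profile, k=3.0):
    """Return {ip: reason} for clients more than k deviations above the profile;
    a floor on the deviation keeps a very uniform baseline from flagging everyone."""
    flagged = {}
    for ip, (rate, share) in client_stats(window_lines).items():
        mu, sd = profile["rate"]
        if rate > mu + k * max(sd, 1.0):
            flagged[ip] = f"{rate:.0f} req/min vs baseline {mu:.0f}"
            continue
        mu, sd = profile["heavy"]
        if share > mu + k * max(sd, 0.05):
            flagged[ip] = f"{share:.0%} expensive endpoints vs baseline {mu:.0%}"
    return flagged

def synthetic(ip, paths, start, step):
    """Constructed traffic: one request per path, `step` seconds apart."""
    return "\n".join(f"{start + i * step} {ip} GET {p} 200" for i, p in enumerate(paths))

BROWSE = ("/", "/products", "/search") * 3  # ordinary browsing session
BASELINE = "\n".join(synthetic(f"198.51.100.{c}", BROWSE, 1700000000, 20) for c in (1, 2, 3))
WINDOW = "\n".join([synthetic("198.51.100.4", BROWSE, 1700000600, 20),             # normal
                    synthetic("203.0.113.7", ("/",) * 50, 1700000600, 1),           # flood
                    synthetic("203.0.113.8", ("/search",) * 4, 1700000600, 10)])    # heavy
```

Running `flag_clients(WINDOW, build_profile(BASELINE))` reports the flooding client on request rate and the search-only client on endpoint mix, while the ordinary browser passes.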
5. Maintain continuous vigilance
DDoS attacks are becoming increasingly smart and stealthy in their methods. Waiting for an application to become unresponsive before taking action is already too late.
For optimal defense, a DDoS early warning system should be part of a company’s solution. Continuous and automated monitoring is required in order to recognize an attack, sound the alarm and initiate the response plan.