Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
Processing registration... Please wait.
This process can take up to a minute to complete.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
The temporary takedown in December of a handful of websites that cut ties with controversial website WikiLeaks, including Visa and MasterCard, made news.
The reality, though, is that similar attacks, motivated by a variety of reasons, occur thousands of times each day, thanks in part to the ease by which website disruptions can be accomplished.
Hackers have been carrying out distributed denial-of-service (DDoS) attacks for more than a decade, and their potency steadily has increased over time, said Jose Nazario, senior security researcher at Arbor Networks.
Due to internet bandwidth growth, the largest such attacks have increased from a modest 400 megabytes per second in 2002 to 100 gigabytes per second recently, according to Arbor Networks. Massive flooding attacks in the 50 Gbps range are powerful enough to exceed the bandwidth capacity of almost any intended target, but even smaller attacks can be surprisingly effective.
“There has been a dramatic increase in the past five years of easy-to-use tools in the DDoS attack space,” Nazario said.
The vast majority of DDoS attacks occur in the world of online gaming, where individuals use tools to boot competitors from the game to gain an advantage, Nazario said. Attacks also have widely been used in extortion schemes against gambling and pornography sites.
Meanwhile, a rapidly growing subset of attacks are politically or ideologically motivated, such as those targeting WikiLeaks and the ensuing retaliatory attacks against web properties that stopped doing business with the site.
While large organizations may have the funds to pay for costly DDoS mitigation services or enlist the assistance of a hosting provider, smaller businesses, such as human rights and independent media outlets, often lack the tools and resources to deflect attacks, according to The Berkman Center for Internet & Society at Harvard University.
The burden of responsibility also falls on individual users, whose unpatched machines are sometimes infected to amass botnets used to flood websites with unwanted traffic.
“I do not see a real solution to this problem right now,” Jonas Frey, owner of Probe Networks, a German security firm, recently wrote on the North American Network Operators Group mailing list. “There's not much you can do about the unwillingness of users to keep their software/OS [up to date] and deploy anti-virus/anti-malware software.”
Growth in DDoS attack size year-over-year since 2002 has been 202 percent. Source: Arbor Networks Sixth Annual Worldwide Infrastructure Security Report
This article originally appeared at scmagazineus.com
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.
