Distributed headaches: Link11 on the renewed rise of DDoS attacks

DDoS is on the rise again and botnets are becoming more sophisticated. We speak with Link11 Managing Director Marc Wilczek to investigate why this is the case and what organisations should look out for.

Distributed denial of service (DDoS) attacks have long been a thorn in the side of IT professionals looking to preserve the uptime of critical applications, services, and infrastructure. DDoS, and its precursor DoS, have been around for decades, causing absolute havoc to some of the world's largest organisations, as well as a massive range of their SME counterparts. Although, while a lot of time has passed since the first major attacks, it doesn't look like we've really gotten much better at ensuring that a DDoS campaign doesn't get through the door in 2019.

The concept of DDoS sounds relatively simple; coordinated attacks aimed at overwhelming critical infrastructure using a hijacked network of bots - or botnet.  However, DDoS attacks have become increasingly sophisticated and devastating over time, involving more and more bandwidth, and taking more critical services offline. While attacks in the 1990's only needed to send about 150 requests per second to take a large chunk of systems at the time, we are now seeing attacks that can exceed 1 TBPS of bandwidth. In conjunction with that, threat actors are employing multi-vector DDoS attacks, tying together multiple DDoS techniques in order to break-down defences. To top all of this off, DDoS attacks have never been easier to deploy, as they are sometimes even available ‘as-a-service' via the dark web.

While the total number of DDoS attacks slumped from 2017 to 2018, according to Kaspersky, we are seeing a resurgence so far in 2019. The security company has reported that DDoS activity for Q2 2019 is up by 18 percentage points, and in Q1, the total number of attacks increased by 84%, while the number of sustained DDoS sessions (of 60 minutes or more) precisely doubled. Kaspersky hypothesises that the reason for the trend, which the security company says was not predicted, is a result of bad actors filling what they describe as a ‘market vacuum', which was caused by a clampdown on DDoS last year. This clampdown involved some DDoS services shut down, with many of their major players arrested. Now though, new suppliers and DDoS clients as rising to fill the void.

Kaspersky's hypothesis also rings true when looking at Neustar's findings on DDoS attacks as well, which indicates that the size and frequency of attacks are rising sharply. In terms of attack size, Neustar report that attacks of 100GBPS or higher increased by 967% in Q1 2019 compared to the same period last year. It also says smaller attacks experienced a bump as well, with attacks under 5 GBPS experiencing a 257% climb vs Q1 2018. It not difficult to see the effects of this surge in recent headlines, with a range of major organisations impacted by DDoS attacks since the start of this year.

Wikipedia was one such institution to be hit with a massive DDoS attack in September, which took many of its services offline around the world. On the B2B enterprise side, AWS was also hit quite extensively with an attack that broke some of its customers' sites only last month. In fact, the scene is seemingly becoming so populated that some threat actors are even impersonating more prolific and well-known crims when they are carrying out attacks.

Another organisation that researches the DDoS sphere is Link11, which recently released a report that found a 97% YoY increase in average attack bandwidth to 6.6GBPS (from 3.3GBPS in Q2 2018). The vendor also found an increasing complexity of attacks, with multi-vector methodologies seeing a significant rise of 45% in Q2, making up 63% of all DDoS attacks. We sat down with Marc Wilczek, managing director of Link11, to talk about the rise of DDoS attacks in 2019, and how these attacks are likely to evolve going forward.

How much of an issue is DDoS today, and to what extent is the threat still increasing? 

To continue reading this article register now