DDoS, or distributed denial of service, cyber-attacks became front-page news in March when an attack dubbed the 'largest cyber-attack in history' hit an anti-spam organisation. The attack saw Spamhaus servers flooded with 300 billion bits of data per second, which is around three times the size of the largest attack seen previously.
While an attack of this size has so far been a one-off, there are hundreds if not thousands of people around the globe who are making millions of pounds every year by hiring out the networks of zombie computers, known as botnets, which carry out these attacks.
"Making money with a botnet is easier than brushing your teeth," an unnamed hacker told Robert Hansen, Director of Product Management at WhiteHat Security, as reported in his two-part interview.
The hacker said it amazed him he was able to make as much money as the average monthly industrial wage in a few hours typing on a laptop while watching TV.
In recent years hacking has become much more accessible, with the automation of tools allowing even those with limited technical knowledge to make money.
At one stage the anonymous hacker said he was making "millions" every year from a variety of hacking techniques, including carrying out DDoS attacks on behalf of customers. While that has now been reduced somewhat as people become more aware of cyber threats, the hacker intimated he had already earned over $300,000 this year.
Centrally controlled
DDoS attacks are typically carried out by networks of PCs which have been infected with malware and can then be centrally controlled to send huge volumes of traffic towards a particular website or server, knocking the services offline for a period of time.
These botnets are rented out for as little as 30 minutes at a time, with those renting them typically blackmailing their targets by threatening to keep their businesses offline unless they pay up.
It's a system which clearly works, but as one major European gaming company told IBTimes UK exclusively this week, there are ways to prevent this type of attack without having to pay out to blackmailers.
Speaking on the basis of anonymity, the head of security for the gaming company, which specialises in live casino games, spoke about a persistent series of DDoS attacks which threatened the company and its customers just over a year ago.
The attacks, which took place every Sunday morning/afternoon for up to two months, cost the company over €100,000 in lost revenue and much more in lost credibility. The attacks took place at that specific time because the attackers knew the normal security team would not be working and it would be easier to bring down the company's servers.
Identity
The attackers were not known, and most likely rented a botnet to carry out the attack, making it virtually impossible to trace their real identity. The head of security speculated that it could have been a rival company that carried out the attack, or a customer seeking revenge having lost a lot of money on one of the sites supported by this company.
The company was able to mitigate the attacks using DDoS mitigation techniques which are able to divert the huge volume of traffic targeting the site. While employing this security measure is not free, the anonymous botnet master told Hansen he was amazed more online companies didn't use it:
"Companies don't purchase DDoS protection. Cloudflare for example offers incredibly strong DDoS protection for $200 a month (also it's harder to jack a Cloudflare domain). If I extort you for $200-$1000 for one day why not make yourself immune for the minimal fee?"
Attacks the size of the Spamhaus attack are atypical, however, and according to research published by Arbor Networks the size of this volumetric type of DDoS attack is plateauing, though not because of technical restrictions.
When asked for the reason we have not seen more attacks like the one which hit Spamhaus in March, Darren Anstee from Arbor is stumped: "The answer is that, very simply, I don't know. The capability to generate larger attacks has been out there for quite a long time. If you look at Spamhaus the attack vector that was used was nothing new, they just leveraged the capabilities that were already out there on the internet."
The reason we are not seeing bigger attacks on the scale of Spamhaus is that attackers simply don't have to boost their attacks for them to work:
"Attackers have realised to an extent that 100Gbps is enough to hurt the majority of the targets that are out there, and most targets will have significant issues with dealing with 100Gbps of traffic, in fact some service providers would have issues with that, especially if they don't have the right solutions in place to deal with the attack traffic," Anstee says.