DDoS attacks get more cunning

[begood]

Enterprises are becoming subjected to increasingly targeted DDoS attacks that do not simply use brute force to take down a network, but are targeted instead at individual applications, according to Verisign, the internet registry that also provides managed DDoS services for businesses.

Verisign warned that whereas most DDoS attacks in the past were random, now they are more likely to focus on causing damage to particular businesses.

“Attacks are becoming easier to perpetrate and harder to detect,” said Matt Bruun, UK sales director, Verisign, speaking to Security Vibes. Bruun said Verisign was now increasingly seeing application layer threats aimed at taking down business-critical applications, either off-the-shelf or bespoke, as well as the more traditional brute force approach against businesses as a whole. He declined to mention which applications were being most actively targeted.

The company added that application layer attacks often mimicked legitimate traffic, operating within an application’s normal thresholds, which made them harder to detect. The attacker typically then forces an unperceived increase in network traffic, triggering the denial of service. Verisign said these attacks are usually targeted at either the most critical or the weakest application.

Verisign’s assertions about the increasing severity of DDoS attacks appear to be backed up by survey data from Forrester Research, the analyst company. In a July 2009 survey of 400 security professionals in the US and Europe, 74 per cent said their business had been targeted by at least one DDoS attack in the last year. That figure has risen sharply from 49 per cent in 2008. Just over half of those affected (58 per cent) said the attacks they had faced were partly or totally targeted against them. As a consequence, DDoS had become the top security issue, ahead of web application security, the survey found, with 58 per cent of respondents saying they were “extremely concerned” about DDoS attacks.

Verisign has published a whitepaper describing best practice for enterprises in defending against DDoS attacks. Among its recommendations, Verisign said businesses should:

• Centralise monitoring so traffic patterns across the network can be seen in one place
  
• Understand what normal traffic patterns look like
  
• Define who will respond in case of attack
  
• Develop contingency plans in case the worst does happen
  
• Use a multi-layered verification process to maximise the flow of legitimate traffic while being able to guard against malicious traffic
  
• Build in on-demand capacity and load balancing
  
• Establish how infrastructure will cope under attack
  
• Address common application vulnerabilities
  
• Consider procuring a managed DDoS service
  

Verisign argued that traditional preventative measures were not enough. It said that over-provisioning of bandwidth would not be cost effective nor very efficient. Firewalls, IDS and IPS systems may not keep out DDoS attacks, it said. And relying on an ISP to offer protection against DDoS could result in problems if the ISP itself did not have the right defensive measures in place. ISPs were frequently victims of DDoS too, Verisign said in the report.

DDoS attacks get more cunning - SecurityVibes Community