Corero Network Security predicts a rise in DDoS attacks being used as a smokescreen to distract victims – aka ‘Dark DDoS’ , with ransom demands associated with DDoS attacks tripling in 2016. According to 2016 predictions from Corero Network Security’s latest Trends and Analysis report attackers are continuing to use sub-saturating DDoS attacks with increasing frequency, with shorter attack durations to distract IT teams by causing network disruptions. The vast majority of DDoS attacks experienced by Corero customers during 2015 were less than 1Gbps, and more than 95% of these attacks lasted for 30 minutes or less.
Corero’s Security Operations Centre has also recorded a sharp increase in hackers targeting their customers with Bitcoin ransom demands. During October 2015, 10% of Corero’s customer base was faced with extortion attempts, which threatened to take down or to continue an attack on their websites unless a ransom demand was paid. If the volume of DDoS attacks continues to grow at the current rate of 32% per quarter, according to Corero’s latest Trends and Analysis Report, the volume of Bitcoin ransom demands could triple to 30% by the same time next year.
The growth is being fuelled by the increased automation of DDoS attacks, which allows cyber criminals to enact hybrid, multi-vector attacks and expand their reach on an industrial scale. The Armada Collective cyber attackers recently claimed that their DDoS attacks can be as powerful as one Terabit per second, but the increasing industrialisation of DDoS attacks could soon reap even larger attacks.
Corero’s Security Operations Centre is already seeing a rise in automated DDoS tools being deployed. In these situations, attackers leverage one attack technique, such as a DNS flood, and if unsuccessful, automatically enact a second technique, such as an UDP flood, and keep leveraging different attack techniques automatically until their target’s Internet service is successfully denied.
Dave Larson, COO at Corero Network Security, explains: “The highly sophisticated, adaptive and powerful Dark DDoS attack will grow exponentially next year as criminals build on their previous successes of using DDoS attacks as a distraction technique. The Carphone Warehouse attack in August was interesting because it was one of the first publicly reported cases of ‘Dark DDoS’ in the public domain. This is a new frontier for DDoS attacks and a growing threat for any Internet-connected business that is housing sensitive data, such as credit card details or other personally identifiable information.
“Traditional approaches to DDoS defence simply cannot catch these sophisticated attacks – only by using an always-on, inline DDoS mitigation solution that automatically removes the threat and provides real-time visibility will IT teams be able to harden their security perimeter to deal with this emerging security threat.”
Dave Larson continues: “Lizard Squad are already selling DDoS attacks-as-a-service for as little as $6 a month. To expedite the process, opportunistic cyber criminals may already be developing ransom kits to allow ransom demands to be automated even further. These attack tools know when they’re successful and they react in real-time. This level of automation works faster than humans and requires in-line, always-on, DDoS mitigation tools to provide a robust defence.
“The Internet of Things further exacerbates this problem by providing a proliferation of rarely secured end points which are vulnerable to attack. This provides a growing domain of potential botnets and means that there is no limit to the scale of future attacks.”