A series of sophisticated DDoS attacks have occurred for over a year in order to find weaknesses in the defenses of key net firms.
A security expert is warning that unidentified hackers have been carrying out a campaign using distributed denial of service (DDoS) attacks for over a year in an effort to figure out how to take down the internet.
In a blog post on his site, security expert Bruce Schneier has detailed how hackers have been launching “precisely calibrated” attacks on key net firms that have increased in intensity and scope. The aim of the attacks was to seek out weaknesses in the defenses of organisations responsible for overseeing critical parts of the net.
Initially, Schneier believed that either China or Russia was behind this series of attacks. However this range of attacks has become commonplace for many organisations.
Unlike traditional DDoS attacks that are launched by extortionists looking to earn money by overwhelming a site with data until its owners pay a fee to put an end to the attacks, Schneier observed that the attacks launched against core net firms were of a different character altogether. This recent wave of attacks has been “significantly larger” than previous attacks and they also lasted for a much longer duration. Another differentiating feature is that the amount of data directed at the victims was slowly turned up.
Schneier highlighted the possible end goal of the attacks, saying: “It’s as if the attacker were looking for the exact point of failure. Someone is extensively testing the core defensive capabilities of the companies that provide critical internet services.”
Roland Dobbins, principal engineer at Arbor, believes that it is “manifestly untrue” that attacks such as the ones Schneier described could only be launched by state-sponsored hackers. In today’s world it is possible for even a small organisation to launch sophisticated and sizable attacks.
Dobbins stressed the need to improve defenses in order to be prepared for state-sponsored or criminal DDoS attacks, saying: “Some are nation-state actors, some are affiliated with nation-states at arm’s length, many are not-state ideological actors, and many are commercially driven criminal actors. Irrespective of the identities and motivations of DDoS threat actors, successful defense is demonstrably possible against even the largest and most sophisticated DDoS attacks.”
Sean Newman, director at Corero Network Security commented: “As security professionals, much of what we see in relation to cyber-attacks, of all types, points to increased sophistication. Whether stealing critical information, or causing disruption, attackers are increasingly surgical and stealthy as they build up to and execute their attacks.
“At Corero, we see this play out on a daily basis and have repeatedly highlighted the trend for DDoS attacks to be sub-saturating and short in duration, which is consistent with attackers either testing out their targets, or already having done so, and knowing just exactly how much traffic is needed to cripple them. This trend is certainly a challenge for any organisations, or providers, relying on legacy scrubbing-centre approaches to DDoS protection, as these are typically based on an assumption that DDoS consists of attacks which are saturating and/or prolonged in nature – these solutions are not inline, or real-time, and are typically limited in capacity, hence they cannot effectively deal with the proliferation of these surgical attacks.
“And, whilst these attacks are not being blocked, it is easy for the perpetrators to continue their reconnaissance, with the potential to wreak havoc across the internet.”