The rise of hacktivism in recent years has led to an onslaught of distributed denial-of-service (DDoS) attacks. In response, organizations and web hosts are putting solutions in place to combat these types of hacks. But how well do these solutions actually stop DDoS attacks?
A DDoS attack is an attempt to make a system or network resource unavailable to its employees or customers. The methods for carrying out a DDoS attack can vary, but they typically consist of efforts to temporarily or indefinitely interrupt services of a host system that’s connected to the Internet.
DDoS attacks are sent by two or more individuals or bots, whereas denial-of-service (DoS) attacks are instigated by one person or system. In many cases, DDoS attacks are launched against sites or services that are hosted on high-profile web servers. More recently, the attacks have also been used as a form of political resistance or social justice protest.
“Denial-of-service attacks are a serious problem that we anticipate will continue to get worse,” says Matthew Prince, co-founder and CEO of CloudFlare, which protects web sites by routing their traffic through its intelligent global network, blocking threats and limiting the abusive bots and crawlers that can cause DDoS attacks.
You could say that 2013 was the year of DDoS: “In 2013, we saw the largest DDoS attack on the Internet,” Prince says. “Attacks are continuously getting larger and more complicated, and we’ve seen an increase in reflection/amplification attacks. Hackers and attackers are utilizing parts of the Internet that are not up to date to amplify their attacks.”
The Growing Global Threat of DDoS
There has also been a significant increase in DDoS-for-hire services, making it easier than ever for anyone to launch an attack.
“It is quite possible to buy a DDoS tool on the Internet that can launch an attack for one week against a site for about $150,” Prince says. “We have also seen that DDoS attacks are being used to stifle free speech, or that the DDoS attacks are largely politically motivated.”
In July 2013, Arbor Networks, Inc., a provider of network security and management solutions for enterprise- and service-provider networks, released a report noting that the average DDoS attack size was growing dramatically. According to Arbor, the data show that DDoS “continues to be a global threat, with a clear increase in attack size, speed and complexity.”
Among the key findings were that the average bits-per-second (bps) attack size was up 43 percent in the first half of 2013; 47 percent of attacks were over 1 Gbps, a jump of 14 percent from 2012; and the proportion of attacks in the 2–10 Gbps range doubled, going from 15 percent to 30 percent. In addition, the first half of 2013 saw more than double the total number of attacks over 20 Gbps that took place in all of 2012, according to the report.
The security industry is fighting back against DDoS attacks. Market-research firm Infonetics Research, in its recent DDoS Prevention Appliances report, notes that the global DDoS prevention appliance market totaled $89 million in the third quarter of 2013, a 6 percent increase from the second quarter of the year.
United IT Stands Against DDoS Attacks
An increasing number of application-layer attacks, which older DDoS detection and mitigation infrastructure can’t identify and block, are forcing companies to make new investments in DDoS solutions, according to Infonetics.
The research firm notes that the availability of integrated DDoS mitigation solutions, such as firewalls that double as routers, will begin to affect the stand-alone DDoS prevention market in 2015, limiting the potential of lower-end, on-premises solutions for enterprises and small to midsize hosting providers.
It’s becoming increasingly important for organizations and hosting providers to have a solid layer of security and protection against DDoS attacks, Prince says.
“Hosting providers can partner with security services to offer one-click simple security solutions to thousands of customers,” Prince says. “We partner with the largest hosting providers in the world to provide them, and their customers, with an easy-to-use, instant security layer.”
Other effective solutions include a web application firewall (WAF).
“A traditional web application firewall or solutions like mod_security can help block or limit traffic that doesn’t show the traditional signature of a traditional site visitor,” Prince says.
“Security solutions are adapting new technologies and creating intelligent networks that include machine-learning, attack-adaptation, protection based on the heuristics of attacks and WAFs that can block or limit threat traffic,” he adds.
Despite the latest defenses, it’s clear that DDoS is becoming more sophisticated.
“The number and strength of attacks is getting stronger and larger,” Prince says. “At the same time, attackers are getting more sophisticated for the kind of attacks they are launching,” he says. “Attackers are getting smarter on how to leverage [the] Internet to their favor and have millions of compromised computers at their disposal.”
Getting Site Owners and Bloggers On Board
There is also an end-user problem: computers are compromised, and service providers haven’t updated their DNS resolvers and NTP servers.
“We’ve found more so lately that [hackers have] been amplifying attacks using parts of the Internet that haven’t been upgraded,” Prince says.
Security experts have made major headway on DDoS protection and mitigation, but the general site owner hasn’t.
“Many site owners and bloggers activate through a one-click simple script install, so they think that their job of running a site will largely only deal with writing and editing posts,” Prince says.