A belated Happy New Year! I was off the grid for a while for the holidays and vacation, so I’m now finally catching up with the latest news in network security. And I see that the latest news is old news: DDoS attacks have continued to be in the news in these early days of 2013.
I came home to find that SC Magazine, for instance, reported that a hacktivist group has claimed responsibility for the attacks that began last fall, and an article at CSO predicted that it is only a matter of time until DDoS attacks originate from mobile devices.
But the news that caught my eye came from Prolexic, a company that specializes in Distributed Denial of Service (DDoS) protection services. Prolexic released a suite of detection and mitigation rules, a log analysis tool and a comprehensive threat advisory on the itsoknoproblembro DDoS toolkit. The toolkit has been used to attack not only the banking industry but also Web-hosting sites and the energy industry, and it works differently from the usual DDoS attack method. According to InfoSecurity:
It uses a sophisticated two-tier combination of compromised commercial servers, and as a result can generate a higher bandwidth attack from a smaller number of hosts.
The folks at Prolexic pointed out that hackers are using the toolkit to target known vulnerabilities in Web content management systems, including Joomla and WordPress, to infect Web servers with malicious PHP scripts. The toolkit, while always dangerous, has been evolving over the past year to become a very serious threat, primarily to the financial industry — right now. Seeing that this toolkit can be and has been used against hosting sites and the energy industry, I predict it is only a matter of time until we see larger-scale attacks against those areas. I think Prolexic Chief Executive Officer Scott Hammack would agree with me, as he said in a release:
Given the chatter in the hacker underground, we expect these itsoknoproblembro DDoS campaigns will continue to grow in frequency.
I suspect this will be just the first of a number of DDoS-attack conversations we’ll be having over the course of the next twelve months, especially if (when?) the mobile device prediction comes to fruition.