DDoS attacks have been a headache for IT and security professionals for a long time, and we can expect them to get worse. Recent reports show just how much they are increasing and, perhaps more disturbing, that we’re still struggling to understand them or prevent them.
Distributed denial-of-service (DDoS) attacks continue to grow in frequency, while attack bandwidth size is declining, according to Akamai's second-quarter state-of-the-Internet security report. Among the key findings the study cited was a 132 percent increase in the total volume of second-quarter DDoS attacks, compared with the same period last year.
The Akamai report went on to state that nearly all (90 percent) of the attacks are in the infrastructure layer of the network, while the rest happen within applications. The top target of DDoS attacks surprised me—the gaming industry. It was followed by the software and technology industries, and the report cited that the reason is due to the high bandwidth used by these industries. The industry least likely to be targeted is the travel industry.
The gaming industry, of course, is very consumer driven, but most gamers have no idea the attacks are happening. A new Kaspersky Lab survey found that only 29 percent of consumers are aware of DDoS attacks, largely because they don’t usually impact the consumer directly. Still, it is important to understand the security issues behind DDoS attacks, as Elena Kharchenko, head of consumer product management with Kaspersky Lab, said in a statement:
People are concerned about the safety of their online accounts, although only a few think they will be targeted by a cyberattack. Attackers often rely on the element of surprise, when users least expect it. That’s why Kaspersky Lab recommends consumer expand their knowledge of current Internet threats, to be alert and make sure their security solutions are primed and ready.
So why are DDoS attacks on the rise? As Andrew Conway, research analyst with Cloudmark, explained to me in an email:
DDoS attacks are easy to put together, and there are a number of DDoS-for-hire services (also called 'stressers') that are available for anyone with a few dollars to spare. Aside from extortion attacks from DD4BC and others, we also see politically motivated attacks such as China's 'Great Cannon' attack on Github, and vandalism for the sake of bragging rights such as Lizard Squad's attacks on various gaming platforms.
Conway added that extortion threats based on DDoS attacks are nothing new, but the emergence of Bitcoin as an anonymous medium of exchange has dramatically reduced the risks for the attackers. Although Bitcoin isn’t easy or convenient to use, it is a popular currency for activities that would not be legal with conventional payments systems, such as circumvention exchange controls, unlicensed gambling, illegal drug purchases and, of course, extortion.
Because of the rise in DDoS attacks, researchers with Defense Advanced Research Projects Agency (DARPA) hope to announce a new approach to defending against them. That announcement is expected to come soon, and when it does, I’ll be sure to share it with you.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba