Hackers Resorting to Short-burst DDoS Attacks
Hackers are increasingly resorting to short-burst distributed denial-of-service (DDoS) attacks to discover vulnerabilities and plan longer attacks, reports security group Sentrix.
In an analysis, Yariv Hazony, vice president, product at Sentrix, notes that over the last decade, DDoS attacks have proliferated, possibly becoming the primary threat for every website or web application. The ultimate goal is to bring down sites by flooding them with fake requests, usually from multiple locations. The outcome of such attacks ranges from slow page loads to blocking legitimate traffic.
Among the thousands of DDoS attacks that happen daily, some last a number of days, while short-duration attacks take attackers only a few minutes at a time to coordinate and launch. The latter are becoming much more commonplace, whether the goal is to take a site down or to create a smokescreen that diverts site owners' attention.
Hazony reports that Sentrix recently witnessed a three-day, continuous attack that targeted two domains of a well-known bank. On the first day, the bank suffered a significant volumetric attack that lasted five to six minutes, but consumed bandwidth at a rate of dozens of gigabytes per second.
Another attack, lasting 15 minutes, took place on the second day, targeting the second domain of the bank. On the third day, the same domain targeted the previous day was hit with a long-duration attack. Evidently, the first and second attacks were reconnaissance attacks, executed to evaluate which of the two domains was more vulnerable. It is clear that the second domain was more susceptible since it was hit much harder in the third attack.
Sentrix also detected another short-duration spike attack that targeted one of its telecom customers. Just two hours later, there was another attack against a large utility organisation. Because of this pattern, the company identified that all three attacks were performed by the same attacker and could warn and better protect customers against further attacks.
Short-duration attacks use large volumes of traffic in short, shotgun-like bursts. Attackers leverage these short-duration attacks to evaluate which companies and organisations are easiest to infiltrate, which probably also has to do with the availability of resources.
Hazony says that these types of attacks are more likely to come from smaller, private groups that are shorter on resources, as opposed to criminal groups or countries which have access to unlimited resources and can therefore launch long-duration attacks from day one.
Time is of the essence in responding to short-burst attacks, which are likely to go under the radar and leave no time to respond, says Hazony. Organisations managing multiple web domains must have the ability to centralise incoming data, preferably by working with the same security vendor across all their domains. This enables them to predict attacks by analysing trends and patterns across their sites.
Sentrix is seeing a growing number of short-duration attacks across its customer base. Awareness of this new pattern is key: customers typically assume that the attack is over, while this may actually be a sign of a much larger attack coming through.
In light of this new pattern, using services and tools that can aggregate attack information across customers and websites is “an ideal way to predict and avoid the massive DDoS attacks about to come,” concludes Hazony.
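The cross-domain aggregation described above can be sketched as detection logic. This is an added example, not Sentrix code: it finds short bursts in per-minute request counters for each domain and links bursts that hit different domains within a time window. The thresholds, window, function names and sample counters are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Assumed tuning values, not taken from the article.
RATE_THRESHOLD = 50_000        # requests/minute treated as attack traffic
MAX_BURST_MIN = 20             # longer runs are sustained attacks, not probes
LINK_WINDOW_MIN = 3 * 24 * 60  # link bursts seen within three days

@dataclass
class Burst:
    domain: str
    start: int    # minute offset of the first hot sample
    minutes: int  # burst duration
    peak: int     # highest requests/minute in the burst

def find_bursts(domain, samples):
    """Return short bursts in a sorted list of (minute, requests) samples."""
    bursts, run = [], []
    for minute, rate in samples + [(None, 0)]:  # sentinel flushes the last run
        hot = rate > RATE_THRESHOLD
        if hot and (not run or minute == run[-1][0] + 1):
            run.append((minute, rate))
            continue
        if run and len(run) <= MAX_BURST_MIN:
            bursts.append(Burst(domain, run[0][0], len(run), max(r for _, r in run)))
        run = [(minute, rate)] if hot else []
    return bursts

def correlate(telemetry, window=LINK_WINDOW_MIN):
    """Pool bursts from all domains; keep groups that span two or more domains."""
    bursts = sorted((b for d, s in telemetry.items() for b in find_bursts(d, s)),
                    key=lambda b: b.start)
    groups, current = [], []
    for b in bursts:
        if current and b.start - current[0].start > window:
            groups.append(current)
            current = []
        current.append(b)
    if current:
        groups.append(current)
    return [g for g in groups if len({b.domain for b in g}) >= 2]

def _series(spikes, length=4400, base=1_000, peak=90_000):
    """Constructed per-minute counters with spikes given as (start, duration)."""
    hot = {m for start, dur in spikes for m in range(start, start + dur)}
    return [(m, peak if m in hot else base) for m in range(length)]

# Constructed sample data shaped like the bank case: 6-minute burst on day one,
# 15-minute burst on a second domain on day two, sustained attack on day three.
TELEMETRY = {"www.bank.example": _series([(100, 6)]),
             "online.bank.example": _series([(1540, 15), (3000, 60)]),
             "static.bank.example": _series([])}

if __name__ == "__main__":
    for group in correlate(TELEMETRY):
        print("possible probing:", [(b.domain, b.start, b.minutes) for b in group])
```

Viewed per domain, each burst looks like an isolated event that has already ended; only the pooled view links the two, which is the case for centralising telemetry across domains.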