The Rise of “Auto Attacks,” Step aside Botnets!
Well, in case you missed it, the world has been going to “hell-in-a-hen-basket” over the past two weeks. The weeks have distinguished themselves as having four major themes:
Attacks are Nearly Continuous Now
Today attacks on organizations (especially controversial ones) are non-relenting. Like rainy weather, the question is no longer if attacks (or rain) will occur, just only what level of intensity it will bring – - some of which is very devastating.
Tactics Have Changed and are Evolving
Types of attacks have historically lived in one of four attack type quadrants with the last type – - the Complex, Volumetric Attacks define the world we live in now:
- Simple, Non Volumetric Attacks. Example: Typical Malware such as Zeus.
- Simple, Volumetric Attacks. Example: Smurf Attack, SYN Floods
- Complex, Non Volumetric Attacks: Example: Stuxnet. Four Zero-Day Threat wrapped into a worm with a goal
- Complex, Volumetric. Example: Multi-Vector / Multi-Vulnerability Attacks such as those launched from Live Boot CDs or Tools such as LOIC, RefRef, R.U.D.Y., Metasploit, etc.
Anonymous is Using ‘Apparently Anonymous’ Attackers
Content-Delivery-Networks (CDNs) Appear to be Targeted
During the past couple of weeks, we’ve witnessed that during the Israel Cyber Attacks, the attackers were using Dynamic URL’s to bypass CDN and setting “X-Forwarded-For to 127.0.0.1” (localhost) to attempt to bypass more advanced DDoS attack mitigation techniques.
So, bottom line, we are seeing highly complex, volumetric attacks rule the roost with a new tool / propensity for these attacks to be initiated by the ‘ignorant’ (bot-like, however needs a ‘drone like user’ to initiate) targeting predicated CDN responses and architecture flaws. No, it’s not the rise of the “Clones” – - it’s the rise of the Auto Attacks!