The Rise of “Auto Attacks,” Step aside Botnets!
Well, in case you missed it, the world has been going to “hell in a handbasket” over the past two weeks, and those weeks have been marked by four major themes:
Attacks are Nearly Continuous Now
Today, attacks on organizations (especially controversial ones) are unrelenting. Like rainy weather, the question is no longer whether attacks (or rain) will occur, only what level of intensity they will bring, and some of it is very devastating.
Tactics Have Changed and are Evolving
Historically, attacks have fallen into one of four quadrants, and the last of them, Complex, Volumetric Attacks, defines the world we live in now:
- Simple, Non-Volumetric Attacks. Example: typical malware such as Zeus.
- Simple, Volumetric Attacks. Example: Smurf attacks, SYN floods.
- Complex, Non-Volumetric Attacks. Example: Stuxnet, four zero-day exploits wrapped into a worm with a goal.
- Complex, Volumetric Attacks. Example: multi-vector / multi-vulnerability attacks such as those launched from live boot CDs or tools such as LOIC, RefRef, R.U.D.Y., Metasploit, etc.
Anonymous is Using ‘Apparently Anonymous’ Attackers
In case anyone missed this, the group Anonymous has put code up at pastehtml.com (a free and anonymous HTML code-hosting site) which uses your web browser to launch LOIC DDoS attacks. Unlike past attacks, recently with “OpMegaUpload” and attacks on Israeli organizations, Anonymous appears to have relied not just on willing volunteers but on ignorant bystanders. “This time, things are slightly different: you only have to click on a Web link to launch a DDoS attack,” said Graham Cluley, senior technology consultant at Sophos, in a blog post. He said many of these links, which point to pastehtml.com, had been circulating in disguised form via Twitter, and warned that clicking on them would execute a DDoS attack unless JavaScript was disabled in the browser (which is nearly impractical to accomplish).
Content-Delivery-Networks (CDNs) Appear to be Targeted
During the past couple of weeks we’ve witnessed, in the Israel cyber attacks, attackers using dynamic URLs to bypass the CDN and setting the “X-Forwarded-For” header to 127.0.0.1 (localhost) in an attempt to bypass more advanced DDoS attack mitigation techniques.
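As an added example that is not part of the original post: a defender-side routine for deriving the real client address from X-Forwarded-For so that a client-supplied 127.0.0.1 cannot confuse rate limiting or allow-listing. It assumes a constructed CDN edge range (203.0.113.0/24, a placeholder) is the only trusted source of that header and that the edge appends the true peer address on the right.

```python
import ipaddress
from typing import List, Optional, Tuple

# Constructed placeholder for the CDN edge range that is allowed to set X-Forwarded-For.
TRUSTED_PROXIES = [ipaddress.ip_network("203.0.113.0/24")]

# Values that can never be a legitimate client behind a CDN; seeing one in XFF is spoofing.
BOGUS_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "0.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12",
    "192.168.0.0/16", "169.254.0.0/16", "::1/128")]


def _in_any(ip, nets) -> bool:
    return any(ip in n for n in nets)


def effective_client_ip(peer_ip: str, xff: Optional[str]) -> Tuple[str, List[str]]:
    """Return (client_ip, findings).

    The header is honoured only when the TCP peer is a trusted proxy, and it is
    walked right-to-left, because each trusted hop appends itself and the client
    controls only the leftmost values.  A bogus value (loopback, RFC 1918,
    link-local) falls back to the TCP peer and is reported as an indicator.
    """
    findings: List[str] = []
    peer = ipaddress.ip_address(peer_ip)
    if not xff:
        return str(peer), findings
    if not _in_any(peer, TRUSTED_PROXIES):
        findings.append("xff-from-untrusted-peer")  # our edge could not have set it
        return str(peer), findings
    try:
        hops = [ipaddress.ip_address(h.strip()) for h in xff.split(",")]
    except ValueError:
        findings.append("xff-malformed")
        return str(peer), findings
    for i in range(len(hops) - 1, -1, -1):
        hop = hops[i]
        if _in_any(hop, TRUSTED_PROXIES):
            continue  # one of our own proxies; keep walking left
        if _in_any(hop, BOGUS_NETS):
            findings.append(f"xff-spoofed:{hop}")
            return str(peer), findings
        if i > 0:  # anything left of the first real hop was supplied by the client
            findings.append("xff-injected:" + ",".join(str(h) for h in hops[:i]))
        return str(hop), findings
    return str(peer), findings  # every hop was a trusted proxy


if __name__ == "__main__":
    # Constructed request: attacker sent "127.0.0.1", the edge appended the real peer.
    print(effective_client_ip("203.0.113.10", "127.0.0.1, 198.51.100.7"))
```

Keying rate limits on the returned address, and counting the `xff-spoofed` and `xff-injected` findings, turns the header trick itself into a detection signal rather than a bypass.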
So, bottom line: we are seeing highly complex, volumetric attacks rule the roost, with a new tool and propensity for these attacks to be initiated by the ‘ignorant’ (bot-like, but needing a ‘drone-like user’ to initiate), targeting predictable CDN responses and architecture flaws. No, it’s not the rise of the “Clones”; it’s the rise of the Auto Attacks!