It seems the future is upon us. Some of you may have heard about the attacks on Brian Krebs, security researcher and journalist, as well as the attacks on OVH, the French hosting company. These rank as the largest DDoS attacks ever recorded, at roughly 620Gbps and 1+Tbps respectively. If you've read up on these attacks, you'll also be familiar with the fact that automated bot armies are being rented out through booter or stresser services, offered by "entrepreneurs" to paying clientele for a nominal fee. Booter services are not new to the realm of DDoS. What has changed over the years is the scale and scope these automation engines achieve. The services' command-and-control networks have grown in the number of pwned bots they control and in the sophistication and effectiveness of the attack tactics they can launch. The exponential growth in the population of insecure internet-connected devices has enabled this. The Internet of Things (IoT), meaning IP-enabled cameras, printers, TVs, refrigerators and the like, has certainly contributed, because these devices were not developed with security in mind.
DDoS attacks have become a mainstream topic, frequently in the news with coverage from major outlets around the globe, from ABC News to ZDNet and most in between. Attack campaigns by groups like Anonymous, DD4BC, Lizard Squad and LulzSec have become dinner-table conversation in many homes, and online businesses have been struggling to keep pace with the evolving threat landscape.
Availability, the big "A", is often the overlooked leg of the CIA triad (the others being Confidentiality and Integrity). Perhaps one contributing factor is the common belief among security professionals that data which is not available is at least secure. Corporate executives hold a different opinion, as downtime carries a hefty price tag.
As security professionals facing a rising tide of threats, many of us find ourselves researching and implementing next-generation perimeter defenses to mitigate risk. Once we analyze each threat against the protection available for it, we quickly realize that no single protection will suffice; current risks require multiple protection layers to secure the business.
Typical intrusion prevention systems (IPS) and next-generation firewall (NGFW) devices claim DDoS coverage, but beware: they fall short. Both keep per-connection state, which is exactly the resource a flood of connections exhausts. In fact, Radware's 2011 Global Application & Network Security Report found that the firewall and IPS were themselves the bottleneck in 32% of the DDoS attacks studied.
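To make the "bottleneck" concrete, here is an added toy model (my illustration, not code from the post or from Radware's report) of a stateful firewall or IPS under a spoofed SYN flood. A stateful device allocates a table entry for every new flow it sees, half-open ones included. The model assumes a 10,000-entry table, a 30-tick half-open timeout, a flood of 1,000 spoofed SYNs per tick from the documentation range 198.51.100.0/24, and one real client at 203.0.113.7 opening 10 connections per tick; every one of those numbers and addresses is an assumption chosen for the illustration, and the traffic is constructed, not captured.

```python
"""Toy model of a stateful inline device (firewall/IPS) under a SYN flood.

Added illustration only; this is not code from the original post or from
Radware. A stateful device allocates a table entry for every new flow,
half-open ones included, so a flood of spoofed SYNs that never complete the
handshake fills the table and the device starts refusing new legitimate
flows while the link itself still has spare bandwidth. Table size, timeout,
addresses and rates below are assumed values for the demonstration.
"""
import random
from dataclasses import dataclass, field


@dataclass
class StatefulDevice:
    capacity: int                  # maximum tracked connections (assumed)
    half_open_timeout: int         # ticks a half-open entry lives before ageing out
    table: dict = field(default_factory=dict)   # (src_ip, src_port) -> expiry tick
    rejected: int = 0              # SYNs refused because the table was full
    _last_expire_tick: int = -1

    def _expire(self, now: int) -> None:
        """Age out half-open entries; runs once per tick to keep the model fast."""
        if now == self._last_expire_tick:
            return
        self._last_expire_tick = now
        dead = [k for k, expiry in self.table.items() if expiry <= now]
        for k in dead:
            del self.table[k]

    def syn(self, src_ip: str, src_port: int, now: int) -> bool:
        """Admit a SYN if a table slot is free; True means the flow was accepted."""
        self._expire(now)
        key = (src_ip, src_port)
        if key in self.table:
            return True            # retransmit of a flow we already track
        if len(self.table) >= self.capacity:
            self.rejected += 1
            return False           # table full: the device, not the link, drops it
        self.table[key] = now + self.half_open_timeout
        return True


def simulate(capacity: int, flood_rate: int, legit_rate: int, ticks: int, seed: int = 1):
    """Return (legit_accepted, legit_attempted) after `ticks` rounds of traffic.

    Each tick the device first sees `flood_rate` SYNs from random spoofed
    sources (constructed attack traffic in 198.51.100.0/24 that never
    completes the handshake) and then `legit_rate` SYNs from one real client.
    """
    rng = random.Random(seed)
    dev = StatefulDevice(capacity=capacity, half_open_timeout=30)
    accepted = attempted = 0
    for now in range(ticks):
        for _ in range(flood_rate):
            dev.syn(f"198.51.100.{rng.randrange(256)}", rng.randrange(1024, 65536), now)
        for _ in range(legit_rate):
            attempted += 1
            if dev.syn("203.0.113.7", rng.randrange(1024, 65536), now):
                accepted += 1
    return accepted, attempted


if __name__ == "__main__":
    quiet = simulate(capacity=10_000, flood_rate=0, legit_rate=10, ticks=100)
    flooded = simulate(capacity=10_000, flood_rate=1_000, legit_rate=10, ticks=100)
    print(f"no flood : {quiet[0]}/{quiet[1]} legitimate connections accepted")
    print(f"SYN flood: {flooded[0]}/{flooded[1]} legitimate connections accepted")
```

Without the flood every one of the 1,000 legitimate connections is admitted. Under the flood the model admits roughly a third of them (about 360 of 1,000 with the seed used), and only in bursts: a batch of half-open entries ages out every 30 ticks, the flood immediately reclaims most of the freed slots, and between those windows every new flow, attacker or customer, is refused. Nothing in the model constrains link bandwidth; the connection table alone produces the outage, which is the sense in which the inline device rather than the pipe becomes the bottleneck. Enlarging the table or shortening the timeout only moves the numbers; it does not change the shape of the curve.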
Here's an interesting new twist to the Anonymous saga: someone has apparently developed an Ubuntu distribution with Anonymous iconography and preloaded tools such as HOIC, JTR (John the Ripper), Pyloris, SQL Poison, etc.
With 4500+ downloads already, it is still unclear who actually authored the OS. However, given the reported overhead of supporting novice followers who use BackTrack and other DDoS attack tools, it wouldn't surprise me if this is an attempt to ease Anonymous' technical support burden.