Hackers and cyber criminals have always used distributed denial-of-service (DDoS) attacks to target organisations across the world, but new research indicates that the attack method is quickly evolving as it becomes cheaper to create and deploy.
This is a definite risk for businesses and their security teams that are already required to fend off a rising number of cyber intrusions on their networks.
A DDoS attack typically attempts to overwhelm a server with web traffic and take the site offline, and has been used to target everything from the UK National Crime Agency to the Church of Scientology.
The software used in such an attack is now widely distributed via underground marketplaces on the so-called dark web, accessible only with the Tor browser, and this has led to a notable spike in attacks, as a report from Kaspersky Lab noted.
The report, entitled Denial of Service: How Businesses Evaluate the Threat of DDoS Attacks (PDF), surveyed more than 5,500 companies in 26 countries around the world and found that 50 percent of DDoS attacks "lead to a noticeable disruption of services" while 24 percent lead to services being completely unavailable.
A cyber smokescreen
Worryingly, the report also noted that a DDoS event is often just one part of a wider attack on an organisation.
"DoS is frequently used as a decoy to distract IT staff from an intrusion taking place at the same time," the report revealed.
"Combining such an attack with another type of intrusion may increase the collateral damage, on top of already significant losses caused by downtime and reputation damage."
Indeed, up to 74 percent of those surveyed reported that DDoS attacks against their companies coincided with other security incidents, leading to the conclusion that these attacks are now being used to create a cyber smokescreen.
Evgeny Vigovsky, head of DDoS protection at Kaspersky Lab, warned that the mixture of DDoS and other malicious activity will "multiply the damage" for businesses.
"It is natural that DDoS attacks are increasingly causing problems. The methods and techniques used by criminals are evolving, with attackers looking for new ways of 'freezing' their victims' operations or masking intrusion into their systems," he said.
"Even with a large staff of IT professionals it is almost impossible for companies to handle a serious DDoS attack and recover their services on their own."
The impact of these attacks was seen recently when up to 650,000 smartphones in China were used to launch a large-scale DDoS attack.
The flood of traffic, discovered by security researchers at CloudFlare, peaked at over 275,000 HTTP requests per second and resulted in 4.5 billion hits on the targeted website.
"Attacks like this form a new trend. They present a great danger in the internet. Defending against this type of flood is not easy for small website operators," said Marek Majkowski, DDoS mitigation expert at CloudFlare, at the time.
DDoS on the rise
Kaspersky is not the only company to witness this rise in attacks. A separate mid-year DDoS threat report by security firm Corero found attacks on customers have risen to an average of 4.5 a day, up from three a day in the previous quarter.
The Corero analysis revealed similar findings to Kaspersky's, reporting that DDoS attacks are increasingly being used to distract organisations from a bigger attack.
"With the increase in ransom-driven DDoS attacks, smokescreen attempts and true-to-its-name DoS threats, the internet-connected business now more than ever before is susceptible to damaging DDoS attacks," the report revealed.
"Organisations are faced with the onslaught of DDoS attacks at an alarming frequency, whether to inflict a complete outage, service degradation, or to obfuscate a more malicious threat."
The report also noted that the software used to launch DDoS campaigns is widespread and easy to access, meaning that hackers will use it more frequently.
"The rise in DDoS attacks generally is not surprising at all. DDoS attack tools are cheap (in many cases free) to obtain, easy to launch and are most often executed with complete anonymity and can be driven by a wide range of motivations," said Corero.
As these attacks increase, many firms that offer security services, such as BT and Level3, now offer increased protection against DDoS attacks.
Mark Hughes, chief executive of security at BT, said during the opening of BT's state-of-the-art cyber centre that DDoS attacks affected two in five global organisations over a one-year period.
"There was a view a few years ago that DDoS was something that was a passing phase, yet I see us and our customers constantly being tested with new attacks. Being able to respond to that for most of our customers is something we have to be extremely agile at," said Hughes at the time.
Dave Larson, CTO and vice president of product at Corero, said it was important that businesses recognise the threat such attacks pose and protect themselves wherever possible.
"In order to effectively protect their networks, prevent disruptions to customer operations, and better protect against data theft and financial loss, companies need real-time visibility and mitigation of all DDoS attack traffic targeting their networks, regardless of size or duration."
No system is safe
It is generally accepted that no system is 100 percent safe from cyber attack. Only last month, security researchers at Akamai uncovered trojan malware being used to hijack Linux-based systems and build botnets to carry out DDoS attacks.
The Linux XOR DDoS campaign attacked up to 20 targets a day, 90 percent in Asia. The Akamai researchers also found evidence that the botnet's main targets were the gaming and education sectors.
"XOR DDoS malware is part of a wider trend of which companies must be aware: attackers are targeting poorly configured and unmaintained Linux systems for use in botnets and DDoS campaigns," said Akamai.
The network firm published a security analysis of its networks to give business leaders insight into current cyber threats.
The report showed that roughly 75 percent of companies do not involve the full board of directors in cyber security oversight, and 51 percent do not re-evaluate information security as a result of high-visibility data breaches.