A powerful surge of DDoS (Distributed Denial of Service) attacks was recorded at the beginning of this month. By June 6, we had heard of the French newspaper La Tribune, the London Stock Exchange, BitGo and TeamViewer being hit. Four completely different entities watched helplessly as their websites crashed. This chain of cyber-attacks sent the public a scary message: there’s no escaping the cyber Boogeyman.
If last week’s numbers were worrisome, the overall results for the first quarter of 2016 seem to confirm the rising trend in the number of DDoS attacks. A report issued by Akamai Technologies, a world leader in content delivery network services, describes the current ‘State of the Internet’ and brings to our attention key statistics on all major Internet service disruptions. There were 4,523 DDoS attacks recorded in the first quarter of this year, an increase of 125% compared to the same period last year.
The report also highlights the fact that DDoS attacks have increased not only in frequency but also in duration. Where sites were once unavailable for a couple of measly hours, the ‘terror’ now lasts an average of 16 hours and more. Another variable studied by Akamai, worth mentioning here, is the “strength” of these attacks. Existing infrastructures can now carry enormous amounts of data. That is why ‘freezing’ the infrastructure of the LSE, for instance, takes more than just a few gigabytes. Unfortunately, monstrous DDoS attacks of over 100 Gigabytes / second are happening now more than ever: 19 attacks were recorded earlier this year, while last year alone recorded a total of only 5 attacks. That being said, even the most prepared organizations (with a huge bandwidth capacity) will find themselves in a difficult position when faced with an attack of this magnitude.
Source: Arbor Networks
Know your enemy: the DDoS Apocalypse
We still do not have enough information regarding the nature of the attacks on LSE and BitGo. However, it is certain that La Tribune and TeamViewer were hit by DNS (Domain Name System) DDoS attacks, causing their websites to crash as a result of the attacker having exploited vulnerabilities in the domain name system. Basically, it involves sending thousands of simultaneous connections to the same server until the latter yields to the pressure. When a server reaches its breaking point, it is no longer able to meet the demand generated by the absurd number of connections and the site is no longer accessible. This method was once used to hide a hacker’s true intention (another attack) or to test the defenses of a website. Now it has mainly become the way for digital pirates to prove their ‘superiority’.
This impressive growth in DDoS attacks is not just a coincidence, for the simple reason that we are not dealing with a complicated modus operandi. This type of attack is relatively easy to achieve, and it has gradually morphed into a “criminal” activity provided as a service by other criminals. Today, anyone can acquire botnet services for the right price (a botnet is a network of Internet-connected programs that communicate with other similar programs to carry out certain tasks; for example, computers infected by a Trojan horse).
To summarize: by using a botnet (or an army of zombie machines), the hacker is set and ready to launch a DDoS attack, and you know what that means: it’s apocalypse time for the targeted websites. What’s even worse is that any of us could unwittingly contribute to these attacks. Remember the torrent site you were on last night? Well, while you were downloading the latest Game of Thrones, malware was being installed on your PC. And this malware, at a chosen moment, transforms your computer into a zombie slave and redirects your connection to another IP address. Winter is coming, indeed.
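Seen from the defender's side, the botnet flood summarized above looks different from one noisy client: no single source stands out, yet the total exceeds what the server can accept. The sketch below is an added example, not part of the original article; the thresholds, function names and connection records are constructed assumptions.

```python
from collections import Counter, defaultdict

PER_IP_LIMIT = 20   # assumed: max new connections allowed per source per window
CAPACITY = 100      # assumed: connections the server can accept per window


def classify(events, window=1.0):
    """Group (timestamp, source_ip) events into fixed windows and label each one."""
    buckets = defaultdict(Counter)
    for ts, ip in events:
        buckets[int(ts // window)][ip] += 1

    report = []
    for idx in sorted(buckets):
        per_ip = buckets[idx]
        total = sum(per_ip.values())
        noisy = [ip for ip, n in per_ip.items() if n > PER_IP_LIMIT]
        if noisy:
            verdict = "single-source flood"   # a per-IP rate limit catches this
        elif total > CAPACITY:
            verdict = "distributed flood"     # every source stays under the limit
        else:
            verdict = "normal"
        report.append((idx, total, len(per_ip), verdict))
    return report


def sample_events():
    """Constructed sample: three one-second windows of connection attempts."""
    clients = [f"198.51.100.{c}" for c in range(10)]
    events = []
    for second in (0, 1, 2):
        # ordinary visitors: 10 clients, 3 connections each, in every window
        events += [(second + 0.5, ip) for ip in clients for _ in range(3)]
    # window 1: one misbehaving client opens 150 connections
    events += [(1.5, "203.0.113.7")] * 150
    # window 2: 400 infected machines open only 2 connections each
    bots = [f"10.0.{b // 200}.{b % 200 + 1}" for b in range(400)]
    events += [(2.5, ip) for ip in bots for _ in range(2)]
    return events


if __name__ == "__main__":
    for idx, total, sources, verdict in classify(sample_events()):
        print(f"window {idx}: {total} connections from {sources} sources -> {verdict}")
```

In the third window every source is well under the per-IP limit, which is why blocking individual addresses does little against a botnet and why aggregate load and the number of distinct sources have to be watched together.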