Cyber Security DDoS

DDoS Attacks Are the Next Big Trend for 2020

DDoS Attacks Are Trending

You can say lots of things about 2020, with one of them being that people are using the internet more than ever. Cyber-criminals have responded to this increased internet usage by increasing their efforts with DDoS attacks. DDoS attacks in 2020 have been shorter and smaller but no less of a nuisance to companies.

Many 2020 DDoS attacks have targeted the network layer of the OSI model. This is the network-to-network connection where packets of data are sent between computers according to specific protocols. For the target, this means attackers send vast quantities of junk network traffic to a server. These requests slow down the target server and render it inaccessible, preventing legitimate users from connecting to websites and online services.

Here are some of the recent DDoS attack trends for 2020:

1. Plenty of Small and Short Attacks

Launching a DDoS attack has never been easier, with many hackers offering their services for a dollar a minute. Anyone can take down a network with a small and straightforward DDoS attack. With the barrier to entry getting lower each day, more people are getting in on the action and starting attacks.

The small and simple approach to DDoS has taken off this year, with most attacks reported by Cloudflare to be under 10 Gbps. Two-thirds of DDoS attacks in Q1 2020 were under 500 Mbps. Around 13.5% of the DDoS attacks recorded up to March were generated with free, publicly available Mirai variations.

These attacks may be small, but they still pack a devastating punch for under-protected systems and properties. These attacks allow criminals to quickly bring down a server and demand a ransom payment to stop the attack and allow a business to resume.

2. More Variety but Less Persistence

While there are more small attacks, attack persistence for DDoS attacks appears to be on the downswing. For example, attackers launched up to 523 DDoS attacks against a single IP in one day during the fourth quarter of last year. By comparison, there are more attacks than ever before, but the average persistence rate has dropped to just 2.2 attacks per IP per day. The most potent attack of 2020 saw 311 attacks on one IP.

The new numbers represent a 40% drop in attack persistence over 2019. Attackers may be getting too lazy to keep attacks going, but it’s more likely that the increase in small attacks has diluted the average persistence rate.

3. Bringing in the Big Guns

Despite the increase in smaller attacks, there are still plenty of significant attacks to worry about. The scope and volume of DDoS attacks increased dramatically in March 2020. The second half of the month saw 55% more DDoS attacks than the first half. Nearly all DDoS attacks in March (94%) were over 300 Mbps.

Other data shows the maximum length for DDoS attacks increased up to 264% for Q1 2020 compared to the same period in 2019. This data is alarming, given that DDoS attacks can cost businesses up to $40,000 per hour.

How to Protect Yourself Against a DDOS Attack

A DDOS attack can wreak havoc in any business. Within minutes, your website can go down and documents can be erased. The reputation of your business can be impacted for years. Even the largest corporations in the world have proven themselves to be vulnerable to this type of attack. It is essential for all businesses to protect themselves against a potential DDOS attack.

What is a DDOS Attack?

DDOS is short for distributed denial of service. It is called a denial because it restricts users from accessing a server. For example, an attack could mean that you lose access to your website and it becomes completely inaccessible for visitors. This results in downtime, which can be incredibly damaging for any business. Additionally, some hackers may start with a low-level attack and threaten a more powerful one unless a ransom is paid. Hackers are continually looking for vulnerabilities to exploit, and for some, engaging in these attacks is proving to be very profitable. There are three main types of attacks: volumetric, application-layer, and protocol. Each works differently, which makes it essential to protect against all types.

Preventative Measures

Luckily, there are preventative measures that you can implement to prevent a DDOS attack. The first step that all organizations should take is to develop a response plan. The security team should undertake an assessment for the entire organization, and all teams should be kept informed of the plan. It only takes one individual to uncover a vulnerability within the server. User error is one of the most common causes of a DDOS attack. Engage in strong security practices, and develop these throughout the organization through the use of seminars.

Make sure that you have a response plan so that everyone is aware of which actions to take in the event of a DDOS attack. This can help protect your data center and minimize the potential damage. You should also secure your network infrastructure with multi-level protection strategies. Examples include VPNs, firewalls, content filtering, and other methods. Every method should be aligned correctly. Additionally, all of these methods must be kept up to date.

Stress Testing

Every organization should make use of stress testing. This is the only way to continually test your security protocol. This tool tests your server for robustness, and analyzes how it would cope against a real DDOS attack. It is also known as a Booter / IP Stresser because it boots your server against potential attacks. The findings can help you spot any weaknesses and patch them before you face a real threat. It is important to choose a stress testing service that covers all types of attacks.

Closing Thoughts

DDOS attacks continue to become more prevalent, and they can cause immense damage to corporations. It is vital not to become complacent with security measures since criminals are always looking to update their modes of attack. Making use of stress testing helps to gauge your current level of security and ensures that you can be prepared against any type of DDOS attack.

IP Stressers / Booters Services

You may have come across the term “booter services” in the past and wondered what it means. A booter service is an on-demand Distributed Denial-of-Service (DDoS) attack offered by cybercriminals. The attacks bring down websites or whole networks. A booter attack is an illegal use of an IP stresser.

These attacks often mask the identity of the attacker by using proxy servers. These proxies reroute online connections through other IPs to hide the original IP address of an attacker.

Booter services are commonly offered as Software-as-a-Service (SaaS) style bundles. These bundles come with tutorials and customer support. Attacks can be sold as a one-time service or as regular attacks over a set period. Some attackers also offer “lifetime” access where customers can request an attack whenever they want. Basic booter service packages are available for as low as $19.99 per month. You can pay for these services using cryptocurrency, credit cards, Skrill, and PayPal. Be careful using PayPal, however, as the service cancels payments and suspends accounts involved with malicious services like this.

What Are Amplification and Reflection Attacks?

Amplification and reflection attacks use legitimate traffic to overwhelm target networks and servers. The attacker forges the victim’s IP address and sends messages to third-party websites pretending to be the victim, an act known as IP address spoofing. Because the third party cannot tell that the IP address has been spoofed, it responds to the victim. Both sides are unable to see the IP address of the attacker. This is a reflection attack.

Think of it like ordering pizza to someone else’s house while pretending to be them. The person has to pay for the pizza they didn’t order. In this case, the server has to deal with traffic it never asked for.

A traffic amplification attack is when an attacker forces third-party servers to send responses to a victim containing as much data as possible. The difference between the request and the answer is the amplification factor of the attack. The more amplified the attack is, the greater the amount of potential disruption for victims. This attack also disrupts the third-party server because it has to process so many spoofed requests.

The most effective booter attacks employ some form of amplification or reflection. Attackers fake the target address and use it to message a third party. The reply is sent to the target. The response is amplified and much bigger than the original message, leading to a more impactful attack.

To go back to our pizza comparison from earlier, each bot involved in the attack is like one malicious prankster calling a restaurant. They call the restaurant, order everything on the menu, and request a callback confirming the order. The restaurant calls the victim and gives them a flood of information they never asked for or expected. The more bots involved in the attack, the more significant the impact.
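From the victim's side, reflected traffic shows up as replies to requests it never sent. The following added example (not part of the original article) flags such replies in flow records and computes the amplification factor described above; the flow tuples, addresses, port list, time window and function names are all constructed for illustration.

```python
from collections import defaultdict

# UDP services often seen as reflectors (source port of the reflected reply).
# This short list is an assumption for the example, not an exhaustive set.
REFLECTOR_PORTS = {53: "DNS", 123: "NTP", 1900: "SSDP", 11211: "memcached"}

# Constructed flow records: (time_s, src_ip, src_port, dst_ip, dst_port, bytes).
# 203.0.113.10 is the protected host; all addresses are documentation ranges.
FLOWS = [
    (0.0, "203.0.113.10", 40001, "198.51.100.53", 53, 60),   # genuine DNS query
    (0.1, "198.51.100.53", 53, "203.0.113.10", 40001, 180),  # its answer
    (1.0, "192.0.2.1", 53, "203.0.113.10", 33333, 3000),     # never requested
    (1.1, "192.0.2.2", 53, "203.0.113.10", 33333, 3000),     # never requested
    (1.2, "192.0.2.3", 123, "203.0.113.10", 44444, 440),     # never requested
    (2.0, "203.0.113.10", 40002, "198.51.100.53", 53, 60),   # genuine DNS query
    (9.0, "198.51.100.53", 53, "203.0.113.10", 40002, 180),  # reply far too late
]


def amplification_factor(request_bytes, response_bytes):
    """Response size divided by request size."""
    if request_bytes <= 0:
        raise ValueError("request size must be positive")
    return response_bytes / request_bytes


def unsolicited_replies(flows, protected_ip, window=5.0):
    """Return {service: (reply_count, total_bytes)} for replies from reflector
    ports that match no request sent by protected_ip within `window` seconds."""
    pending = {}  # (remote_ip, remote_port, local_port) -> time the request left
    hits = defaultdict(lambda: (0, 0))
    for ts, src, sport, dst, dport, size in sorted(flows):
        if src == protected_ip:
            pending[(dst, dport, sport)] = ts
            continue
        if dst != protected_ip or sport not in REFLECTOR_PORTS:
            continue
        # Each request accounts for one reply, so consume the entry on match.
        asked = pending.pop((src, sport, dport), None)
        if asked is None or ts - asked > window:
            count, total = hits[REFLECTOR_PORTS[sport]]
            hits[REFLECTOR_PORTS[sport]] = (count + 1, total + size)
    return dict(hits)


if __name__ == "__main__":
    for service, (count, total) in unsolicited_replies(FLOWS, "203.0.113.10").items():
        print(f"{service}: {count} unsolicited replies, {total} bytes")
    print("amplification factor:", amplification_factor(60, 3000))
```

A sustained count of unsolicited replies from many different source addresses on the same service port is the pattern to alert on and filter upstream.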

Why are Booter Attacks Difficult to Trace?

Booter services are difficult to trace because people buy them through fronted websites where they make payments and leave instructions. It is impossible to connect the attack to the request/payment, making it challenging to prove criminal intent. However, criminals can be tracked by following the paper trail and seeing where the money went.