Everything old is new again: Experts predict a flood of denial-of-service attacks

Posted By



February 7, 2017

As IoT goes mainstream Mirai-style denial-of-service botnet attacks are escalating, and hackers are targeting health care companies, financial services, and the government.
The hottest trend in cyberattacks is an archaic and simplistic hacker tool. Propelled by the rise of IoT, the popularity of denial-of-service attacks rebounded in late 2016 and early 2017. Accompanying the rapid acceleration of the IoT and connected device market, warn cybersecurity experts, will be a zombie botnet swarm of network-crippling attacks.

Denial-of-service attacks are simple but effective weapons that bring down websites and services by flooding networks with junk traffic from commandeered botnets. Digital fallout will often cripple the target and ripple across the web to knock out unaffiliated but connected services and sites. "After an attack [clients] often feel angry and violated," said Matthew Prince, CEO of denial-of-service mitigation service CloudFlare in an interview with TechRepublic. "A distributed denial-of-service (DDoS) attack is not a sophisticated attack. It's the functional equivalent of a caveman with a club. But a caveman with a club can do a lot of damage."

"DDoS outages are causing companies to completely rethink their cybersecurity strategies," said cyber-defence strategist Terrence Gareau in a report by threat and DDoS mitigation firm Nexusguard. Nexusguard examines network data to identify threat vector trends like duration, source, and variation of denial-of-service attacks."Hackers' preferences for botnets over reflection attacks are typical of cyclical behavior, where attackers will switch to methods that have fallen out of popularity to test security teams with unexpected vectors."

Denial-of-service attacks are a broad umbrella used to describe a number of technological sub-tactics. Denial-of-service attacks are common and relatively easy to pull off because these attacks simply crowdsource web IP addresses. The hacker group Anonymous made DDoS attacks famous by championing a tool nicknamed the "Low Orbit Ion Cannon" that made denial-of-service accessible and easy. The downside, of course, is that all cyberattacks are illegal, and unsophisticated DDoS attacks are easy for law enforcement to pursue.

The Nexusguard report shows that hackers are switching from DDoS to IoT botnet-based attacks like last year's devastating Mirai hack. "Distributed denial-of-service attacks fell more than 40 percent to 97,700 attacks in the second quarter of the year," Gareau said. IoT attacks targeted at French data provider OVH broke records for speed and size, the report said, and were so severe that France broke into Nexusguard's Top 3 [cyberattack] victim countries.

"The preferred programming language for the Mirai botnet helped to better handle a massive number of nodes compared to other typical languages for DDoS attacks," Gareau said. "Researchers attribute the [DDoS] attack dip and these massive attacks to hackers favoring Mirai-style botnets of hijacked connected devices, demonstrating the power IoT has to threaten major organizations."

Hackers are also diversifying attacks against large organizations in financial services, healthcare, and government sectors, Gareau said in the Nexusguard report. "Hackers favored blended attacks, which target four or more vectors, in attempts to overload targeted monitoring, detection, and logging systems."

To fend off attacks, experts like Prince, Gareau, and Cyberbit's chief technology officer Oren Aspir agree enterprise companies need to develop a response plan. "Attacks on an endpoint device will always leave some sort of trail or evidence to analyze," Aspir said. "Since the speed of detection is vital, analysts need tools that will allow them to quickly detect behavior at the endpoint, validate the threat, and perform an automated forensic investigation in real time on that endpoint."

Aspir also suggested companies prepare for DDoS and other hacks by reviewing previous attack metrics, conduct vulnerability assessment and penetration testing exercises, and simulate attacks to help evaluate team preparedness. "It's important for organizations to build a baseline that consists of what 'good behavior' should look like on an endpoint. This allows for organizations to take unknown threats and validate them quickly."

Though IoT botnet denial-of-service attacks are relatively new enterprise organizations have learned from previous attacks and already shifted defense tactics. "Researchers predict the attention from recent botnet attacks will cause companies to strengthen their cybersecurity... and ensure business continuity despite supersized attacks," Gareau said.