.png)
By Bruce Urbin, Jun. 18, 2014, Forbes.com
The denial of service attack gets few props for novelty in a field that prizes novelty. In a denial of service (DoS) attack, hackers flood a Web site or application with pointless requests that clog or overwhelm network resources and potentially shut it down. DoS is a cudgel, not a lockpick designed to open up sensitive areas. Lately, though, its perpetrators are making up in volume what they’ve lacked in flair.
The chart below shows the biggest DDoS attacks by month, measured in billions of bits (gigabits) per second by security firm Arbor Networks. Most of these are DDoS attacks, the extra D stands for distributed, or originating from multiple computers. The spikes are getting higher, peaking with a 320 Gbps attack in February. That same month Cloudflare tracked a 400 Gbps attack. These are whoppers, people. A single DDoS surge of 100 gigabits per second is enough to disrupt most corporate networks. 300 gigs could flatten one.
Something has changed in the security landscape when you’re seeing spikes like these. Attacks larger than 20 gigabits per second rose eightfold in 2013 compared with 2012. As of April 2014 the Neustar Security Operations Center had already dealt with more than twice as many 100-plus Gbps attacks compared to all of last year. The average DDoS attack has gone up in size but is still in the range of 1 to 5 Gbps.
DoS was always seen as bothersome but not lethal. The cost is in downtime ($1 million/day on average). But security experts say these quick, sharp DDoS attacks are often smokescreening, a diversionary tactic from the main break-in for credit card numbers or other sensitive data. Hackers are also increasingly able to amplify their DDoS attacks by going after vulnerable Internet servers known as NTP or UDP servers that are fooled into thinking the packet is coming from the targeted server so they dutifully spew out vast quantities of responses to a target IP address. Depending on how powerful and networked the vulnerable server is, an attacker with a mere 1 Gbps connection can generate a 200 Gbps DDoS attack.
 |
| A geography of who's hitting whom in denial of service cyber attacks. The large unknown reflects the difficulty of measuring the threat. / Credit: Forbes.com |
The chart below shows the biggest DDoS attacks by month, measured in billions of bits (gigabits) per second by security firm Arbor Networks. Most of these are DDoS attacks, the extra D stands for distributed, or originating from multiple computers. The spikes are getting higher, peaking with a 320 Gbps attack in February. That same month Cloudflare tracked a 400 Gbps attack. These are whoppers, people. A single DDoS surge of 100 gigabits per second is enough to disrupt most corporate networks. 300 gigs could flatten one.
DoS was always seen as bothersome but not lethal. The cost is in downtime ($1 million/day on average). But security experts say these quick, sharp DDoS attacks are often smokescreening, a diversionary tactic from the main break-in for credit card numbers or other sensitive data. Hackers are also increasingly able to amplify their DDoS attacks by going after vulnerable Internet servers known as NTP or UDP servers that are fooled into thinking the packet is coming from the targeted server so they dutifully spew out vast quantities of responses to a target IP address. Depending on how powerful and networked the vulnerable server is, an attacker with a mere 1 Gbps connection can generate a 200 Gbps DDoS attack.
Read the full story: www.forbes.com
Follow Larry Elder on Twitter
"Like" Larry Elder on Facebook
No comments:
Post a Comment
Comment Policy:
The author of this blog will attempt to engage in conversation via the comments section whenever possible and recognize the 24/7 nature of the internet. Moderating and posting of comments will occur during regular operational hours Monday through Friday. Comments submitted after hours or on weekends will be read and posted as early as possible, however admins and/or the author is unable to commit to replying to every comment posted.
This is a moderated blog. That means all comments will be reviewed before posting. In addition, it is expected that participants will treat each other, as well as the author and admin, with respect. Comments that contain vulgar or abusive language; personal attacks of any kind will not be posted. Comments that are spam or that promote services or products will not be posted. It is requested that all comments remain on topic.
The Elder Statement blog does not guarantee or warrant that any information posted by individuals on this blog is correct, and disclaims any liability for any loss or damage resulting from reliance on any such information. The Elder Statement blog may not be able to verify, does not warrant or guarantee, and assumes no liability for anything posted on this website by any other person. The Elder Statement blog does not endorse, support or otherwise promote any private or commercial entity or the information, products or services contained on those Web sites that may be reached through links on our Web site.
To protect individual privacy and the privacy of others, please do not include phone numbers, addresses or email details in the body of a comment. Such information will result in removal of a comment.
Thank you for your attention.
The Elder Statement