Chinese Domain Buckles Under One-Two DDoS Punch
China experienced a massive DDoS attack over the weekend, and the fact is, there's not much a company or a government can do to ward off such onslaughts. They are becoming larger and lasting longer. "We believe DDoS attacks will increase in size and complexity," said Prolexic's David Fernandez, driven by technology, falling bandwidth prices, and the increasing sophistication of attackers.
08/27/13 5:00 AM PT
Chinese websites with the ".cn" domain name extension fell on Sunday to a distributed denial of service, or DDoS, attack, the state-run China Internet Network Information Center reported.
Two attacks reportedly were launched -- the first at midnight on Sunday and the second at 4 p.m., according to this translation of CINIC's post.
China's Ministry of Industry and Information Technology launched DNS security-specific contingency plans, and CINIC apologized to users.
CINIC described the second attack as the largest DDoS attack it has faced so far.
The Mysterious East
Just what happened in China is not quite clear.
"We have nothing official as far as our intelligence or validation of the attack," said David Fernandez, director of PLXsert, the security engineering and response team at Prolexic, a firm specializing in securing clients against DDoS attacks.
"There isn't a tremendous amount of detail available on this attack yet, probably because of the control that China has over their media," Alex Cox, a senior researcher at RSA FirstWatch, told TechNewsWorld. "We at FirstWatch are tracking it a part of our typical threat landscape overview."
The Mechanics of a DDoS Attack
DDoS attacks aim to make a machine or network resource unavailable to its users. Typical targets are sites or services hosted on high-profile Web servers, such as banks or credit card payment gateways, but government and corporate sites have become fair game of late.
DoS attacks are typically launched by saturating a server or computer with so many external communications requests that it is either dramatically slowed down, or cannot respond to legitimate traffic.
In DDoS attacks, several systems flood the bandwidth or resources of a target system.
Facts About DDoS Attacks
DDoS attacks are becoming larger and lasting longer, Prolexic has found. In Q1 2013, the average DDoS attack consumed a record bandwidth of more than 48 Gbps. This went up to more than 49 Gbps in Q2 -- a year-over-year increase of 925 percent.
Average packet-per-second volume in Q2 was 47.4 Mpps, 45 percent more than the 32.4 Mpps logged in Q1 and 1,655 percent more than in Q2 2012.
The number of DDoS attacks in Q2 2013 was 33 percent higher than in Q2 2012.
"We believe DDoS attacks will increase in size and complexity," Fernandez told TechNewsWorld.
Technology, falling bandwidth prices, and the increasing sophistication of attackers are contributing to that growth.
DDoS attacks have become a primary cyberattack method, Fernandez remarked.
In March, for example, Dutch Internet service provider Cyberbunker launched what was claimed to be the largest DDoS attack ever, at the Spamhaus Project. This slowed down the entire Internet.
In some cases, DDoS is used as a diversion for other types of attacks, Fernandez said.
A Clear and Present Danger
DDoS attacks can take various forms, RSA FirstWatch's Cox pointed out.
Attacks on DNS infrastructure are typically high-bandwidth, launched either through botnets or other hacked infrastructure, Cox said. In some cases, attackers use amplification, multiplying traffic and directing it at a target, because DNS infrastructure is typically protected from run-of-the-mill attacks.
Or, hackers could launch application-layer attacks or exploit zero-day flaws, Cox continued.
Recently, large-scale DDoS attacks have been political or hacktivist-related, Cox commented. DDoS attacks are also used by cybercriminals as weapons against each other.
Governments and corporations are equally at risk of DDoS attacks.
"In some aspects, governments' IP is no more secure than that in the private sector," Prolexic's Fernandez said.
Arming Against Attacks
"You don't want a single point of failure in any institution," Fernandez said. Governments and enterprises "should have backup plans to defend against various types of attacks."
Enterprises and governments should ensure that applications are developed using a security-focused software development lifecycle, Cox suggested. This is especially important with critical applications or Internet-facing systems.
Organizations should have plans in place for DDoS mitigation, but "a high-bandwidth DDoS [that's] botnet-based can be very difficult to defend against," Cox continued. "Often victims have to weather the storm until the attack subsides."