DDoS attackers turn fire on ISPs and gaming servers

Attacks on banks recede dramatically, NSFOCUS reports

DDoS attackers seem to have switched their attention from banks to gaming hosts, ISPs and even enterprises, half-year figures from Chinese mitigation vendor NSFOCUS have confirmed.

The firm's recent statistics show that the peak for DDoS attacks on banks happened in the first half of 2013 when they accounted for an extraordinary 45 percent of all attacks, with enterprises second in the target list at around 25 percent.

By the second half of last year, this had started to change with bank attacks slipping under 10 percent - this has since dropped to fractions of a percent. If banks are now off the menu, online gaming and ISPs are suddenly popular, rising in the first half of 2014 to 10 percent and nearly 15 percent of attacks respectively.

"This indicates how 'trendy' profit-driven hackers can be when selecting their attack prey, choosing the most ripe target for the times," said NSFOCUS's researchers.

Oddly, the firm omits to offer a more detailed explanation for these trends in DDoS attacks, so let's speculate to fill in some of the blanks.

The wave of bank DDoS attacks in early 2013 were part of a wider assault on the sector, which probably had both political and financial motivations. From one side, Iranians actors were said to be hitting US firms as part of a cyberwarfare campaign that had started in 2012. From the other side, criminals started using DDoS as a distraction exercise while they attempted to transfer funds from compromised bank accounts. Both were eventually contained, or so it seems.

This year's spike in attacks on gaming sites seems to be spurred by the actions of individual hacking groups that want to disrupt an a multi-billion online industry, a good example of which would be last week's 'Lizard Group' attack on Destiny, Call of Duty: Ghosts, and Sony's PlayStation Network (PSN). They do it because they can - this kind of DDoS attack is now a cheap commodity.

As for ISPs, these attacks are more significant and probably relate to probes against the infrastructure that holds up many online services. ISPs offer a god test bed for new types of attack.

NSFOCUS also reports that attack duration is now holding steady with 93.5 percent of attacks lasting 30 minutes of less. Longer-lasting attacks remain curiosities, including a single attack in the first half of 2014 that persisted for an extraordinary 228 hours. Only 5 percent of attacks exceed 4Gbps.

Other firms have reported on two far more alarming DDoS trends, namely a sudden spike in massive attacks exploiting server vulnerabilities and protocols such as DNS, NTP, and even SNMP. A good example of where could be leading came with news of a 300Gbps peak attack on an unidentified data centre, reported in August by Verizon.

A second aspect of this is the possibility of combining different types of reflection attack into one larger and more complex attack. This happened for the first time (as far as is known) later the same month when Australian data centre Micron21 found itself on the receiving end of a 'CDRDos' storm.

Join the CSO newsletter!

Error: Please check your email address.

Tags securityNSFocus

More about SNMPSonyVerizon

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by John E. Dunn

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts