Distributed Denial of Service (DDoS) attacks, such as those that plagued major American financial organizations in recent months, are growing at an alarming rate - so much so that AT&T's chief security officer has called on it's competitors and the government to better coordinate efforts to combat the dramatic increase before the tactic reaches levels that could be beyond their capacity to control - a "supersized" DDoS attack.
AT&T's CSO Ed Amoroso made the plea during the Global Network Operations Centre briefings after acknowledging that the company's customers have been experiencing sharply increased instances of powerful DDOS attacks recently, many of which the company was able to mitigate, but they worry that even larger attacks are in the near future and that no single company will be able to successfully defend against them.
“Ed Amoroso has reached out to partners within the industry and also governments to see if we can work together to defend against these attacks. If the attacks become bigger than AT&T, can we rely on competitors to work together to block it? Maybe together we would have enough capacity to handle some sort of supersized attack,” said Michael Singer, AT&T's executive director of technology security.
The company's concerns arise from evidence that DDoS attacks are growing in power and duration, and that the attacks could reach levels that dwarf those instigated by crowd-sourced hacktivists or organized crime syndicates. Singer described the perpetrators of tomorrow's DDoS attacks as being "huge organisations" akin to "cyber armies."
AT&T's efforts to intervene on the behalf of their clients in the face of a denial of service attack with mixed success. The difficulty in combating some of the most recent attacks is attributed to a change in the attacker's techniques, rapidly adjusting packet sizes and volumes. Attackers have also moved from using botnets made up of armies of zombie PCs in favor of utilizing powerful host-owned servers.
“We used to think a 3 gigabit per second attack was a big attack. In the late summer attacks, the attackers collected infected systems that weren’t residential users with a PC. They went into hosting facilities, and had very large servers that they were able to compromise and put a PHP script on, add more resources, more computing power, and more bandwidth. They were able to generate larger amounts of traffic than we have seen previously,” Singer said.
Singer said AT&T is currently looking into the option to increase the capacity on its network by "creating super double sized nodes" to accommodate the packet surges associated with a DDoS attack with the hopes they can absorb the additional malicious traffic and avoid downtime for customers.
But it is not just service providers who should be concerned about dealing with the the threat of DDoS attacks. A recent study by the Poneman Institute and security provider Radware found that as many as 65 percent of organizations reported being the victim of at least three DDoS attacks in the past 12 months. Another study carried out by Vanson Bourne earlier in the year found that 38% of enterprise survey respondents experienced at least one attack in the past 12 months, and both studies found that the attacks were fairly evenly spread across all industry sectors.
Richard Stiennon, Chief Research Analyst at IT Harvest, recommends that organizations who are concerned about their potential exposure consider implementing a first line of defense apparatus on their own networks to defend against low and slow application-layer DDoS attacks.
"Why not deploy an intelligent appliance behind the router and in front of the firewall? Filter out all the junk before you expend any resources in your firewall, or log all the events with your IDS/SEIM. Reduce your need for multiple servers and load balancers," Stiennon said.
Those concerned about their organization’s potential for exposure to DDoS attacks are encouraged to take a free DDoS preparedness assessment test which provides a customized evaluation employing a series of analytical algorithms. The evaluation can be conducted in a matter of minutes by following the instructions here: DDoS Preparedness Test.
- About Corero
- Investor Relations
- News Room
- Executive Management Team
- Corero Offices
- Contact Us