The Current State of DDoS Attacks: Are They Getting Smarter?

There has been a flurry of DDoS reports in the last few months, highlighting the evolving state of DDoS threats and warning of an upcoming wave of even bigger and more dangerous attacks. The sheer number of vulnerable connected devices out there, combined with the hacker community’s unrelenting ability to find new vulnerabilities to exploit, has significantly increased the potential scale of DDoS attacks. Indeed, with an anticipated 20.4 billion devices due to be deployed by 2020, it’s safe to say that those attacks are expected to grow even bigger in the future and could have devastating consequences for organizations of all sizes across the world.

The online space is growing every day, so the evolving scale of DDoS attacks shouldn’t come as a surprise. But are those attacks getting any smarter?

Same tactics, new tools

While the Internet has been fighting off DDoS attacks for over two decades, these denial-of-service attacks are now taking center stage, as their techniques have become far more sophisticated. Combined with the ease of securing DDoS-for-hire services and increasingly broad motives, this is producing a dangerous concoction of attack vectors.

Indeed, attackers are constantly on the lookout for more creative techniques to wreak havoc on the organizations in their sights. A couple of years ago, attackers took a new approach to exploiting vulnerabilities in Domain Name System (DNS) servers. The DDoS attack in October 2016 against DNS provider Dyn was the first public example of cybercriminals launching a single attack able to simultaneously disrupt the online presence of many well-known Internet businesses, and it’s somewhat surprising that we have now gone so long without seeing another attack of a similar type.

However, with many organizations subsequently working to make their DNS provisioning more resilient to such attacks, cybercriminals looked to other vulnerable Internet services like NTP. After some significant holes in that protocol were patched, they simply moved on to the next: connectionless LDAP (CLDAP). The latest example of the hackers’ grand ambitions was the Memcached server exploit. This attack vector was used in the 1.34 Terabit attack on GitHub, one of the biggest attacks on record.

Today, Artificial Intelligence and Machine Learning technologies are increasingly used as part of security solutions, including DDoS protection, to increase efficacy and detect attacks which might otherwise pass under the radar. However, we need to be prepared for hackers who are also taking advantage of such technologies to create tools which can potentially help them identify and exploit new types of vulnerabilities more quickly than they’ve been able to in the past. A recent report has warned of the upcoming wave of AI-based attacks, confirming hackers are upgrading their arsenal with AI and ML for data theft and for gaining unauthorized access to systems. So we need to consider that it’s only a matter of time before they apply the same tactics to DDoS attacks.

Best practices for protecting against DDoS attacks

The future of AI-based attacks remains unknown, but regardless of the tools and techniques hackers use, organizations need to have the right protection in place. We don’t know exactly which tool or vulnerability hackers will use to launch the next DDoS attack.

What we do know is this: for organizations to keep up with the growing sophistication and range of attacks, it's essential to maintain comprehensive visibility across their networks and to use real-time DDoS protection solutions to detect and block potential DDoS attacks as they arise, before they have a chance to cause damage.

Sean Newman is VP Product Management for Corero Network Security. Sean has worked in the security and networking industry for twenty years, with previous roles including network security Global Product Manager for Cisco, who he joined as part of their acquisition of cyber-security vendor Sourcefire, where he was Security Evangelist and Field Product Manager for EMEA. Prior to that he was Senior Product Manager for endpoint and network security vendor Sophos, after having spent more than 12 years as an Engineer, Engineering Manager and then Senior Product Manager for network infrastructure manufacturer 3Com.