Modern trends in the organization of DDoS-attacks

Posted: April 2, 2013 in Articles
Tags: , , , , ,

DDoS attack alertDDoS attack has become a consumer product.

She still can not be sold in the shops, but in underground sites, you will find many opportunities – sets for DDoS, price lists and even DDoS services for hire. Anyone from individuals to organizations involved in cybercrime can easily deploy a botnet and launch an attack.

Not require programming skills and knowledge of hacking, DDoS kits allow novice hackers to easily run a botnet. DDoS kit includes two components – Designer bots, as well as the management server.

Bots Designer – tool with a graphical interface to create a bots could allow an attacker to create an executable (bot) for distribution to potential targets. For Created bot provided address management server (C & C), with which it is communicating.

C & C – website administrator used by an attacker to track the boats and send them commands for execution.

When C & C is installed and executable bot is ready, the attacker can embed a bot available number of victims using conventional methods, such as social engineering attacks such as drive-by, when any browser, it does not matter, Internet Explorer or Chrome, used to fraudulently download and install malicious code. When the army of bots becomes sufficiently large, the attack can be launched.

As professional software developers, developers kits DDoS improve their products and create new versions, which are published and sold. In the underworld of the most common sets with bots designed by other people, but at the same executables and / or source code leaked for free access, and were then processed, and then was promoted rebranding. Set group based on a single source, usually called the family.

Widespread DDoS kits also promotes the appearance of DDoS services for hire. Cybercriminal groups are taking advantage of ease of use is set to create quick suggestions for organizing attacks on many underground forums (DDoS for hire, rental boats).

In a typical “business scenario” DDoS rent may include the sentence “overwhelm website rival” or, conversely, extortion in the form of “pay us to get your site does not fall.”

Kits for DDoS turned DDoS-attack into a consumer product that is easily accessible for everyone. No doubt DDoS kits will continue to develop and offer new features, making the defending side, enterprise-sacrifice, adapt to their security strategy.

Companies should not be surprised that the number of attacks continues to grow every year. The facilities and the base attack for hackers using DDoS, developed and improved. For enterprises that are to DDoS, it means only one thing: more sophisticated and difficult to counter attack.

At the dawn of DoS-attacks as a basic infrastructure to launch attacks used primitive infrastructure servers. But over the past decade have left the servers are completely DoS-scenes, and the first place came DDoS-attacks through botnets of hundreds or thousands of PCs.

In recent months, specialists observe what may be a new major change in the landscape of DDoS – the emergence of a botnet-based servers. In contrast to the pre-existing attacks based on a single server, the new DDoS-attacks are adopting multiple servers geographically dispersed and integrated into a powerful botnet. A new type of architecture DDoS, based on the use of servers, can be much more of a threat than an attack based on the conventional botnets, and there are several reasons:

Capacity – the servers are much wider channels to send data, which requires a smaller number of computers to create the same effect as using a botnet from a variety of clients. Given that the average home computer is connected via a 600 kbit / s and a typical server can send data at a rate of 1 to 100 Mbit / s, the power of interference when the servers increases to 150 times;

Reliability – servers provide far greater reliability compared to a home PC. Home PCs are often turned off or goes offline, so that attackers have to capture a greater number of computers than actually need to attack. Servers, on the other hand, are always online and available to participate in the attack.

Manageability – the control of a small number of highly available servers eliminates many difficulties associated with servicing thousands of untrusted computers, botnets.

But, despite the fact that the infrastructure of the botnet of servers is very effective, it leads to some difficulties for attackers compared to the use of home computers:

Traceability. It is much easier to trace and identify the group or the identity of those behind the attack based servers than individual owners of home computers, because the server can provide better and more accessible reporting. Suppression systems also easier to block attacks DoS, coming from a small track lists intruders compared with widely-distributed botnet.

Monitoring performance. Because the server performance is continuously monitored, and the owners usually pay for the traffic they generate, view the server much easier if it sends significant traffic, speaking as part of the attack.

Secure environment. Servers are usually located in a controlled, secure IT environment, so-called “server farms.” Such an environment has a high probability of software protection (such as antivirus software) and network security (such as a firewall or IPS), which is more likely to detect and block attacks.

High initial requirements. Using a bot army, based on the servers, requires a lot of experience in the attacks. For example, bot networks of home computers, can be easily purchased on the black market, or they can be broken by using the well-known methods of attack. Servers also require more advanced, specially prepared attack. Overall attacks coming from botnets, based on the server can be of a more serious enemy.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s