DDoS Forecast: DDoS Attack Trends in 2014
2013 is over and 2014 has begun (happy new year by the way). But what does that mean when it comes to network security and DDoS attacks in specific?
What to expect of DDoS attacks in 2014
- Growing attack sizes, especially DNS amplification
- More intelligent layer 7 attacks (reCAPTCHA solving, etc.)
- Multiple hundred Gbit/s attacks
Why does the size of DDoS attacks increase?
We believe that the main reason for the constantly growing sizes of DDoS attacks is that it's becoming more and more easy for unexperienced "sysadmins" to host their own websites. Most hosting providers offer images with Plesk, cPanel or other panels pre-installed. These panels are easy to manage and it only needs a few clicks to get your website up and running or to even host the websites of your friends, or even worse, offer hosting. This makes many people think "oh, I didn't know it was that easy to host a website", because these hosting control panels may make it look easy, but the people who use them have no idea what's actually running behind them. Did you know that most of these templates or default setups with a hosting panel don't have DNS recursion disabled or at least restricted to certain IP blocks? And guess what the bad guys can use them for. That's right, DNS amplification attacks, and there is nothing you can do about it if you don't have at least a bit of knowledge about Linux and it's Shell. Other reasons are hacked servers. Most of the time it's exactly such a default hosting control panel setup which leads to compromisation by some hackers. Be it an exploit in the control panel itself, an outdated service running on the server, or, what's actually the case most of the times, an outdated WordPress or Joomla! installation. So if you run your own VPS or server, please always hire a sysadmin to secure it properly, make sure that DNS recursion is restricted or disabled, that your web server and PHP is running under a system user with restricted permissions and that you keep your server, your panel and especially your websites always updated. A web applictaion firewall can also help, which our Advanced Anti DDoS Proxy includes. mod_security would be the alternative that you could install on your own server (just make sure to use a proper ruleset, such as AtomiCorp's ASL).
So basically more insecure servers equals more and larger DDoS attacks.
Friday, January 3, 2014