
DDoS Forecast: DDoS Attack Trends in 2014



2013 is over and 2014 has begun (happy new year, by the way). But what does that mean when it comes to network security, and DDoS attacks specifically?


What to expect of DDoS attacks in 2014

In 2013 we already had the largest volumetric distributed denial of service (DDoS) attacks that anyone has seen so far. While our EU datacenter was experiencing and successfully mitigating the largest DDoS attack (read about it here), which was generated by DNS amplification (rDDoS, where the "r" stands for "reflected"), other providers (such as CloudFlare) experienced attacks of an almost similar size and type, and Incapsula also mitigated a huge attack which targeted a Bitcoin exchange. They state that it was a SYN flood rather than a DNS amplification attack, which makes me wonder why they only post a graph of the bits per second, while with a SYN flood it's mostly the packets per second that matter.

Anyway, it's a fact that 2013 was the year with the biggest DDoS attacks in history, which indicates that in 2014 the attacks will grow further and DNS reflection attacks of more than 100Gbps won't be a rarity anymore.

The number and size of layer 7 attacks will also increase, such as HTTP GET and POST floods, which aim at weaknesses (performance bottlenecks) of websites rather than trying to overload the server's NIC by sending huge amounts of bandwidth and/or packets. This way it's possible to generate much more efficient attacks with little effort and bandwidth consumption. Of course, these layer 7 attacks have to cope with the countermeasures that sysadmins and anti-DDoS providers use, such as browser integrity checks (JavaScript, Flash, etc.) and captchas such as reCAPTCHA. There already are botnets that are able to solve reCAPTCHA in order to circumvent traditional layer 7 filtering, which will leave only HBA (human behaviour analysis) and very sensitive traffic anomaly detection as efficient layer 7 filtering methods in the future.

  • Growing attack sizes, especially DNS amplification
  • More intelligent layer 7 attacks (reCAPTCHA solving, etc.)
  • Multiple hundred Gbit/s attacks
These are the main concerns regarding DDoS in 2014.


Why does the size of DDoS attacks increase?

We believe that the main reason for the constantly growing sizes of DDoS attacks is that it's becoming easier and easier for inexperienced "sysadmins" to host their own websites. Most hosting providers offer images with Plesk, cPanel or other panels pre-installed. These panels are easy to manage, and it only takes a few clicks to get your website up and running, to host the websites of your friends or, even worse, to offer hosting. This makes many people think "oh, I didn't know it was that easy to host a website", because these hosting control panels may make it look easy, but the people who use them have no idea what's actually running behind them.

Did you know that most of these templates or default setups with a hosting panel don't have DNS recursion disabled or at least restricted to certain IP blocks? And guess what the bad guys can use them for. That's right, DNS amplification attacks, and there is nothing you can do about it if you don't have at least a bit of knowledge about Linux and its shell.

Other reasons are hacked servers. Most of the time it's exactly such a default hosting control panel setup which leads to a compromise by some hackers. Be it an exploit in the control panel itself, an outdated service running on the server, or, what's actually the case most of the time, an outdated WordPress or Joomla! installation.

So if you run your own VPS or server, please always hire a sysadmin to secure it properly, make sure that DNS recursion is restricted or disabled, that your web server and PHP are running under a system user with restricted permissions, and that you always keep your server, your panel and especially your websites updated. A web application firewall can also help, which our Advanced Anti DDoS Proxy includes. mod_security would be the alternative that you could install on your own server (just make sure to use a proper ruleset, such as Atomicorp's ASL).
So basically more insecure servers equals more and larger DDoS attacks.
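
To check the DNS recursion point above on a server you run, the following added example (not part of the original post) sends one recursive query and reads the reply header to see whether the server recursed for an outside client. The function names, the default query name and the sample replies are constructed for illustration.

```python
import socket
import struct

QR, RD, RA = 0x8000, 0x0100, 0x0080   # DNS header flag bits (RFC 1035)
REFUSED = 5                           # RCODE a restricted resolver returns

def build_query(name, txid=0x1234):
    """Minimal A/IN query with Recursion Desired set."""
    qname = b"".join(bytes([len(part)]) + part.encode("ascii")
                     for part in name.rstrip(".").split(".")) + b"\x00"
    return struct.pack("!6H", txid, RD, 1, 0, 0, 0) + qname + struct.pack("!2H", 1, 1)

def classify(query, response):
    """'open' if the server recursed for us, otherwise 'refused' or 'closed'."""
    if len(response) < 12:
        raise ValueError("short DNS header")
    txid, flags, _, ancount, _, _ = struct.unpack("!6H", response[:12])
    if txid != struct.unpack("!H", query[:2])[0] or not (flags & QR):
        raise ValueError("not a reply to this query")
    if (flags & 0x000F) == REFUSED:
        return "refused"
    # Recursion Available plus answers for a name the server is not
    # authoritative for means it resolved the name on our behalf.
    return "open" if (flags & RA) and ancount else "closed"

def amplification(query, response):
    """Reply bytes per query byte: how much traffic the server hands back."""
    return len(response) / len(query)

def check_server(ip, name="example.com", timeout=3.0):
    """Run from a host outside your network against your own server's IP."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (ip, 53))
        response = sock.recv(4096)
    return classify(query, response), amplification(query, response)

def sample_reply(query, flags, answers=0):
    """Constructed reply for offline use: header, echoed question, fake A records."""
    rr = b"\xc0\x0c" + struct.pack("!2HIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
    return query[:2] + struct.pack("!5H", flags, 1, answers, 0, 0) + query[12:] + rr * answers

if __name__ == "__main__":
    q = build_query("example.com")
    for label, reply in [("recursion open", sample_reply(q, QR | RD | RA, 2)),
                         ("recursion restricted", sample_reply(q, QR | RD | REFUSED))]:
        print(label, classify(q, reply), round(amplification(q, reply), 2))
```

A result of "open" from an address outside your allowed IP blocks means recursion still needs to be restricted or disabled in the name server's configuration.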


Friday, January 3, 2014






