DDoS Attacks: If Money's Not The Motivator Anymore, What Is?

DDoS Attack Trends

Money used to be the driving force behind Distributed Denial-of-Service attacks, which often were launched for competitive reasons or outright extortion. Not anymore. The pursuit of profit has been replaced by ideology as the single biggest reason for groups or individuals to try to take down an organization's or government agency's Web site. Any organization can become a target, as a plethora of DDoS attack tools are readily available on the Web. "What we saw in 2011 was the democratization of DDoS," said Roland Dobbins, solutions architect for security vendor Arbor Networks.

Following are the top eight trends listed in Arbor Networks' seventh annual Worldwide Infrastructure Security Report.

Hacktivism

Of the 114 mobile and fixed wireless service providers surveyed for the report, 35 percent said hacktivism was the No. 1 motivation for DDoS attacks, followed by nihilism or vandalism. The shift away from money means a sea change in the risk assessment model for network operators, according to Arbor Networks. Making the problem worse is easy access to tools that almost anyone can use to launch an attack.

Large Attacks The New Norm

Respondents found a significant increase in the number of flood-based DDoS attacks in the 10-Gbps range. With such large assaults becoming the norm, network operators have had to prepare for them on a routine basis. The largest attack listed in the report was 60 Gbps. Such assaults represent serious threats to network infrastructure and ancillary support services, such as DNS, according to Arbor Networks.

Increasing Sophistication Of Attacks

Application-layer DDoS attacks grew in number and sophistication and have now become commonplace. Complex, multivector DDoS assaults with flood-based and application-layer attack components are quickly gaining in popularity with attackers.

Infections Tougher To See

A significant number of mobile and fixed wireless operators reported that detecting security threats on their networks remained difficult. Although these companies were in the minority, Arbor Networks said their inability to detect infected hosts pointed to significant blind spots in their networks. More than 40 percent of respondents were unaware of what percentage of their subscriber base may be compromised and participating in botnets.

First Reports Of DDoS Attacks On IPv6

Last year marked the first time survey respondents reported seeing IPv6 DDoS attacks on their networks. Arbor Networks called the attacks a "significant milestone" in the arms race between attackers and defenders. The reports confirmed that network operators need visibility and mitigation capabilities to protect IPv6-enabled properties.

But IPv6 Security Incidents Rare

Despite reports of the first IPv6 DDoS attacks, the incidents were relatively rare last year. While deployment of the latest Internet Protocol has increased, it has not reached a level where it is profitable for cybercriminals to pay serious attention to it. The rarity of attacks also indicated that a lot of IPv6 network traffic may not be monitored, so threats were most likely missed.

Security Technology Falls Short On DDoS Protection

Firewalls, intrusion prevention systems and load-balancing devices were failing under DDoS attacks. Respondents reported that state-table exhaustion was the primary reason for the failures. Network operators said they needed the capability to defend these stateful devices against DDoS attacks.

Law Enforcement Seldom Called In DDoS Attacks

Network operators reported they seldom worked with law enforcement in DDoS attacks. As in previous years, respondents said they lacked confidence in law enforcement's capabilities and willingness to investigate online attack activity. Network operators also were dissatisfied with current government efforts to protect critical infrastructure.