The global nature of DDoS attacks makes it difficult to prevent them. While security companies have the technology to trace individual bot IPs, the fact that the bots are spread across many jurisdictions, and the sheer number of them, makes it difficult to do much about them. As a result, DDoS as an attack vector can only be mitigated, not prevented. This alone would suggest that DDoS is likely to increase, and that is exactly the finding of the latest 'Prolexic Attack Report: Q1 2012'. Malicious packet volume has increased 3,000% from Q1 2011 to Q1 2012.
Robin Wood, senior security engineer at RandomStorm, explained the motivation behind DDoS. “There are a couple of reasons for the increase observed this year. DDoS attacks are currently popular with hacktivists,” he said, likening them to the street protests of the 1960s and 1970s. But, he added, “They are also regularly used for extortion, where the threat is 'pay up or we take your site down' and, as most companies rely on their website for business, some do pay up.”
The prime target, says Prolexic, has been financial institutions. “This quarter was characterized by extremely high volumes of malicious traffic directed at our financial services clients,” said Neal Quinn, Prolexic’s vice president of operations. And indeed, the overall volumes quoted by the company are mind-boggling. Prolexic mitigated the same volume of data in the first quarter of this year as during the whole of last year: 9.5 petabytes. A petabyte is equal to 1,000 terabytes, or a million gigabytes, or 1,000,000,000,000,000 bytes.
Botnets are the primary source of DDoS attacks, and the company recorded over 2.9 million malicious source IP addresses during the first quarter. China is the main source of these attack bots, housing more than 30% of the total. It doesn’t mean that the attacks were directed from China, only that a large number of bots are found in China. “The most likely explanation for this behavior,” notes the report, “is the fact that Asia continues to see increased penetration of high-speed Internet connectivity. At the same time, the use of unpatched and pirated copies of Microsoft Windows is known to be prevalent within the Asia Pacific region.”
Prolexic doesn’t see the problem going away – rather it will continue to increase. Attacks are shorter, sharper and more frequent – and increasingly targeted against specific applications. And in the week in which Dr Web discovered a 600,000-bot Mac botnet, Prolexic commented, we “expect to see an increase in OS X botnets performing DDoS, now that the OS X platform has gained market share. Mobile phones and devices are also an emerging launch platform.”