DDoS attacks increasingly target small and medium-size firms

A recent example of this trend was a DDoS attack targeting a number of US battery retailers that originated in Russia but was suspected of being paid for by a US competitor, Jackson told Infosecurity.

According to documents obtained by the Smoking Gun, the FBI’s Cyber Crimes Task Force conducted an investigation into a series of DDoS attacks against websites of US-based battery retailers, such as batteriesplus.com and batteries4less.

The task force found that the attack originated from a pair of botnets using Russian web domains being hosted by an ISP in Romania. The domains were registered to Korjov Sergey Mihalivich, a 30-year-old St. Petersburg man, although the FBI suspects a business competitor was behind the effort.

There have been a number of other similar DDoS attacks, Jackson said, citing the arrests of the chief executive of ChronoPay, a Russian internet payment provider, for attacks against competitors, and the former CEO of YouSendIt.com, which provides a service for large file transfers over the web, for attacks against his former company.

“Today, the drivers [of DDoS attacks] are monetary, where attackers are gaining money through means of extortion and brand damage…. That is happening a lot more”, Jackson observed.

Botnets are a popular means of launching DDoS attacks. Jackson's firm is tracking over 200 botnets whose primary purpose is launching denial of service attacks.

Jackson offered a number of recommendations for companies and organizations to protect themselves from DDoS attacks. First, companies that use a third-party data center should check whether the third party provides DDoS protection, either through a for-pay service or through the entire data center. “If a data center gets attacked, that can have collateral damage for you. That is something you need to be aware of”, he said.

Companies that operate their own data centers need to make sure they have protection against both botnet-based and application-layer DDoS attacks on the premises of the network. “You cannot rely on existing tools, such as firewalls and IPS [intrusion prevention systems] that don’t protect against denial of service attacks”, Jackson stressed.

Companies also need to check what DDoS protection their internet service provider offers. “Most ISPs do provide DDoS protection, and companies should look into this”, he said.

Arbor Networks offers a number of DDoS protection products, including its Pravail service for attacks at the edge of the data center and enterprise networks, and Peakflow SP, an IP traffic flow monitoring system for ISPs and large enterprises, Jackson said. He added that Arbor also offers its free ATLAS service, which provides business intelligence on DDoS threats.
