According to the data security specialist’s CTO, the arrival of this more advanced type of DoS attack shows that hackers are constantly developing and using more advanced methodologies.
Unlike traditional DoS methods that capitalise on bot-infected PCs, he told Infosecurity that the attackers have turned the web servers themselves into payload-generating bots.
Rather than use the server as a means of distributing a DoS attack using a swarm of infected remote bots, he explained, the hackers are infecting the servers themselves with a malicious DoS application.
Then, through the use of a simple software programme with a dashboard and control panel, the hackers configure the IP, port and duration of an attack.
Put simply, Imperva says, the attackers insert the URL they wish to attack, click and then start hacking.
Schulman said that his research team was able to acquire the source code of this application and has worked out how the hacker code operates.
"When we looked at it, it was a lot simpler than we expected. You're talking maybe 40 lines of code for the infection and then another 40 lines of code for the hacker user interface", he said.
"Compromising servers [in this way] actually makes a lot of sense - it's 50 to 100 times more effective from a hacker perspective", he added.
The problem from the company perspective, says Schulman, is that whilst corporates are obviously monitoring their incoming traffic, malware that hackers insert onto the server generates malicious outgoing traffic, which companies often miss.
"The problem is compounded by the fact that many companies do not deploy anti-virus software on their web servers, but on their other computers. Added to which it's not that difficult to hide a server infection", he said.
"It can therefore make a lot of sense to monitor web servers more closely. It is a solvable problem as it requires new security tactics and new security methodologies", he added.