Wednesday, September 5, 2012

DoS Attack - So Simple yet So Dangerous


The article proposes an analysis of DDoS attacks, explaining how the offensive technique is used in several contexts to hit strategic targets for different purposes. The discussion is supported by statistics from the principal security firms that provide solutions to protect infrastructures from this kind of attack. The article also includes a specific part on the new factors that could support DDoS attacks, such as the introduction of the IPv6 protocol and the diffusion of mobile platforms.

Introduction

Let’s introduce one of the most widespread types of cyber attack, one that represents a great concern for governments and institutions: the DDoS (Distributed Denial of Service). The attack is conducted with the intent to make a network resource unavailable and usually involves a large number of machines that target the same objective, interrupting or suspending the services it provides. The principle on which the attack method is based is the saturation of the resources available to the targets, which are flooded with legitimate traffic that they are not able to process. The consumption of the final target’s resources usually causes a slowdown in the services provided, or even their complete blockage. It must be clear that denial-of-service attacks are considered violations of the Internet Architecture Board’s Internet proper use policy, an ethical manifesto for internet use. The IAB is the committee charged with oversight of the technical and engineering development of the Internet by the Internet Society (ISOC). DDoS attacks are commonly considered a cyber crime by governments all around the world and constitute violations of the laws of individual countries, but despite this global acceptance they are still very difficult to prosecute due to the different legislation and territorial jurisdictions.

The rise of DDoS attacks

Despite being relatively easy to organize, a DDoS attack still represents one of the most feared offensive forms for its ability to interfere with the services provided. DDoS attacks are widely used by hackers and hacktivists, but they also represent a viable military option in the event of a cyber attack against critical enemy structures. According to the “Worldwide Infrastructure Security Report” published by Arbor Networks, a leading provider of network security and management solutions, ideologically motivated ‘hacktivism’ and vandalism are the most readily identified DDoS attack motivations. Arbor Networks has provided evidence that in 2011 the majority of DDoS attacks were the work of groups of hacktivists that involved critical masses in the manifestation of their dissent: 35% reported political or ideological attack motivation, while 31% reported nihilism or vandalism as attack motivation. Today it is possible to freely retrieve tools for DDoS attacks, such as the famous “low orbit ion cannon” (LOIC), and it is equally simple to rent a botnet for a few tens of dollars; these factors have transformed DDoS attacks into one of the most dangerous cyber threats. We are facing a crime industry that is arranging specific services to rent ad hoc networks used to amplify attacks, a phenomenon in constant growth. We also have to consider that the attacks are becoming more sophisticated by the day, addressing various levels of the network stack, often in multilayered offensives.
A great contribution to the rise in the number of DDoS attacks also comes from the diffusion of malware agents. This is the case of a newer version of the Russkill bot, also known as Dirt Jumper, responsible for many attacks. It seems that the author of the malware has released another DDoS toolkit with a similar structure and functionality, named Pandora, that will make a sensible contribution in terms of cyber attacks. The increase in attacks is also motivated by a couple of other factors: the diffusion of mobile devices and the introduction of the IPv6 protocol. The IT sector seeing the greatest growth is without doubt mobile; an increasing number of platforms and related applications has been developed in the last month, consolidating the trend. Of course, this growth has been accompanied by a sensible increase in cyber attacks on the mobile sector, which today is still vulnerable from a security perspective. The impressive growth in demand has not been matched by awareness of the threat: most of the time users ignore the potential of their smartphones and the threats to which they are exposed. A mobile botnet is a botnet that targets mobile devices such as smartphones, attempting to gain complete control of them. Mobile botnets take advantage of unpatched exploits to provide hackers with root permissions over the compromised mobile device, enabling hackers to send e-mail or text messages, make phone calls, spy on users, access contacts and photos, and more. The main problem is that these botnets go undetected, and this makes them really difficult to tackle. The malware spreads itself by sending the agents to other devices via e-mail messages or text messages. But the cyber threat related to mobile devices is not only a matter of malware infection: because it is difficult to track the origin of attacks, in many cases these platforms are used to launch attacks deliberately. This is the case, for example, of a user who decides to participate in a DDoS attack by downloading a specific tool to flood the final target with traffic. As anticipated, another meaningful phenomenon is the introduction of the IPv6 protocol: the switchover from IPv4 to IPv6 will create vast numbers of new internet addresses that could be used to organize a DDoS attack. Although this kind of incident is relatively rare, the introduction of the new protocol represents an attractive opportunity for cyber criminals that intend to launch a DDoS attack; let’s consider that the first attacks based on IPv6 addresses have already been discovered.
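On the defensive side, the IPv6 point above has a practical consequence: a detector that counts requests per source address misses a source that uses a fresh IPv6 address for every request. The sketch below is an added example, not code from the original post; it assumes a source typically controls a whole /64, and the function names, window and threshold are hypothetical values chosen for illustration.

```python
import ipaddress
from collections import defaultdict, deque

def source_key(addr, v6_prefix=64):
    """Map a source address to the bucket it is counted under."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped:
        ip = ip.ipv4_mapped              # ::ffff:a.b.c.d is really an IPv4 client
    if ip.version == 4:
        return str(ip)
    # Assumption: one host or subscriber controls a whole /64, so count the prefix.
    return str(ipaddress.ip_network(f"{ip}/{v6_prefix}", strict=False))

def flag_sources(events, window=10.0, threshold=5, v6_prefix=64):
    """Return buckets with more than `threshold` requests inside `window` seconds.

    events: iterable of (timestamp_seconds, source_address), sorted by time.
    """
    recent = defaultdict(deque)
    flagged = set()
    for ts, addr in events:
        try:
            key = source_key(addr, v6_prefix)
        except ValueError:
            continue                     # unparseable source field: skip the line
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:        # drop timestamps that left the window
            q.popleft()
        if len(q) > threshold:
            flagged.add(key)
    return flagged

def sample_events():
    """Constructed sample traffic using documentation address ranges, not real logs."""
    ev = [(i * 0.25, f"2001:db8:1:2::{i + 1:x}") for i in range(20)]  # 20 addresses, one /64
    ev += [(i * 0.5, "203.0.113.9") for i in range(8)]                # single IPv4 flooder
    ev += [(1.0, "198.51.100.7"), (6.0, "198.51.100.7"), (2.0, "2001:db8:ffff::1")]
    return sorted(ev)

if __name__ == "__main__":
    print("per-address:", flag_sources(sample_events(), v6_prefix=128))
    print("per-/64:    ", flag_sources(sample_events(), v6_prefix=64))
```

Counting per full address (`v6_prefix=128`) flags only the IPv4 source, while counting per /64 also flags the rotating IPv6 prefix.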

Conclusions

This type of attack is still preferred by groups of hacktivists that are intensifying the offense against private companies and governments, but cybercrime is also adopting it in complex operations where the need is to block a web service while a fraud scheme is implemented. The attack is also largely adopted in cyber warfare to hit the critical infrastructures of a country; let’s remember that the financial institutions of a nation are also to be considered vital entities for a country. Although the last quarter registered a reduction in the total number of attacks, the cyber threat is still very worrying: DDoS attacks doubled in Q2 2012 compared with the same quarter one year ago. The diffusion of botnets and the introduction of IPv6 represent further factors that could amplify the magnitude of the cyber threat and the frequency of this type of attack. The DDoS attack is evolving; are both private and government sectors ready to protect their structures? Underestimating the threat could be very dangerous!
