Just as automated toolkits made it possible for non-technically savvy criminals to launch mass malware attacks, new technology now allows almost anyone to launch denial-of-service attacks.
Attackers are increasingly using various tools to launch
distributed denial-of-service attacks, according to Arbor Networks.
While some attack tools capable of launching DDoS attacks
have been publicized recently, most organizations are not even aware of the
broad range of tools that have been developed in the last few years and are
readily available to attackers, according to Arbor Networks. Along with
downloadable tools, there are commercial services that would launch attacks for
a fee, said Curt Wilson, a research analyst with Arbor Networks' Security and
Engineering Response Team.
The tools included single-user flooding tools, small host
and shell booters, Remote Access Trojans with flooding capabilities, simple and
complex DDoS bots and commercial DDoS services, said Wilson.
Simple flooding tools, such as a host-booter, have the
capability to take down enterprise-class firewalls, Wilson said.
The explosion of these attack tools is a "game
changer" for enterprise security because they now allow anyone with an
Internet connection to launch a DDoS against any target, according to Arbor
Networks. Many of the simple attack tools don't require any sophisticated
technical know-how beyond knowing how to type in the name of the target and
hitting enter. Some of the more complex tools can launch application-layer
attacks or target specific Apache vulnerabilities instead of just flooding the
network with malicious packets.
Organizations that didn't prepare for denial-of-service
attacks in the past must rethink their strategies. Recent events have shown that
online protesters can launch attacks to protest a company's business practices
or political philosophy. About 35 percent of the respondents in Arbor's "Worldwide Infrastructure Security Report"
claimed a political or ideological reason motivated an attack on their
networks, while 31 percent reported "nihilism" or vandalism.
"Increased situational awareness has become mandatory
for all Internet-connected organizations," according to the Arbor report.
The analysis of attack tools accompanied Arbor's seventh
annual "Worldwide Infrastructure Security Report," which the company released Feb.
7. The study also found that attack volumes increased in 2011. The increase in
the number of attacks could directly be linked to the fact that it is now
easier than ever to launch attacks.
While DDoS attacks launched from professional coded bots and
commercial services are a bigger threat to enterprises, smaller projects from
amateurs can still cause some damage, according to Wilson. These tools can also
blend several types of threats, making it more attractive and financially
lucrative to criminals. While host-booters are typically designed to flood a
single user's IP address and knock the player out of an online game, those
tools often are also capable of other malicious activities, such as stealing
passwords, downloading and executing malware on the victim's computer, and
sniffing keystrokes, said Wilson.
There are many reasons for using these tools for launching
DDoS attacks, ranging from revenge, extortion, protesting social or political
policies, and taking down a competitor. Arbor Networks has also observed
thieves launching DDoS attacks to flood networks after stealing money using a
banking Trojan in order to hide the theft, said Wilson.