Attackers are increasingly using various tools to launch
distributed denial-of-service attacks, according to Arbor Networks.
While some attack tools capable of launching DDoS attacks
have been publicized recently, most organizations are not even aware of the
broad range of tools that have been developed in the last few years and are
readily available to attackers, according to Arbor Networks. Along with
downloadable tools, there are commercial services that would launch attacks for
a fee, said Curt Wilson, a research analyst with Arbor Networks' Security and
Engineering Response Team.
The tools included single-user flooding tools, small host
and shell booters, Remote Access Trojans with flooding capabilities, simple and
complex DDoS bots and commercial DDoS services, said Wilson.
Simple flooding tools, such as a host-booter, have the
capability to take down enterprise-class firewalls, Wilson said.
The explosion of these attack tools is a "game
changer" for enterprise security because they now allow anyone with an
Internet connection to launch a DDoS against any target, according to Arbor
Networks. Many of the simple attack tools don't require any sophisticated
technical know-how beyond knowing how to type in the name of the target and
hitting enter. Some of the more complex tools can launch application-layer
attacks or target specific Apache vulnerabilities instead of just flooding the
network with malicious packets.
Organizations that didn't prepare for denial-of-service
attacks in the past must rethink their strategies. Recent events have shown that
online protesters can launch attacks to protest a company's business practices
or political philosophy. About 35 percent of the respondents in Arbor's "Worldwide Infrastructure Security Report"
claimed a political or ideological reason motivated an attack on their
networks, while 31 percent reported "nihilism" or vandalism.
"Increased situational awareness has become mandatory
for all Internet-connected organizations," according to the Arbor report.
The analysis of attack tools accompanied Arbor's seventh
annual "Worldwide Infrastructure Security Report," which the company released Feb.
7. The study also found that attack volumes increased in 2011. The increase in
the number of attacks could directly be linked to the fact that it is now
easier than ever to launch attacks.
While DDoS attacks launched from professionally coded bots and
commercial services are a bigger threat to enterprises, smaller projects from
amateurs can still cause some damage, according to Wilson. These tools can also
blend several types of threats, making them more attractive and financially
lucrative to criminals. While host-booters are typically designed to flood a
single user's IP address and knock the player out of an online game, those
tools often are also capable of other malicious activities, such as stealing
passwords, downloading and executing malware on the victim's computer, and
sniffing keystrokes, said Wilson.
There are many reasons for using these tools to launch
DDoS attacks, ranging from revenge and extortion to protesting social or political
policies and taking down a competitor. Arbor Networks has also observed
thieves launching DDoS attacks to flood networks after stealing money using a
banking Trojan in order to hide the theft, said Wilson.