One of the most basic weapons in every hacker’s arsenal is getting a lot smarter.
You may have heard of a Distributed Denial of Service (DDoS) attack. Traditionally, a DDoS attack effectively shuts down a website by sending a sudden surge of traffic against it, which overwhelms the site’s servers. Once the target is down, the real work begins.
In February 2013, cybercriminals used a DDoS attack as cover in a $900,000 bank heist. Similar attacks against other banks and gambling websites have netted criminals millions.
A DDoS attack is so simple that almost anyone can pull it off. And it’s so effective and common that it feels like almost everyone with a hacking inclination does pull it off.
A recent study claimed that the rate of attacks against businesses is increasing dramatically, “costing corporations an estimated $50,000 to $100,000 per hour.” A 24-hour outage can cost companies tens of millions of dollars, so it’s no surprise that DDoS defense is big business. San Francisco start-up CloudFlare is a billion-dollar company today because of its ability to protect websites.
Add all those dollars up and you begin to see the kind of money at stake, and that’s on the defensive side.
Dirt Jumper, the popular Russian DIY DDoS kit linked to multimillion-dollar attacks on banks, is a simple tool that lets hackers launch effective DDoS attacks for a fee of just $150. It requires almost no expertise to purchase and use such a kit, making these kits one of the most attractive options for unskilled attackers.
This summer, security researchers at Arbor Networks began spotting a new weapon in the wild called Dirt Jumper Drive. Drive is smart technology that can identify, trick, and bypass DDoS defenses that can cost hundreds or thousands of dollars per month to maintain.
Attackers give their bots “instructions … to identify, and trick, anti-DDoS cookies, redirection methods, and meta tags used for redirecting malicious IP traffic,” Phil Annibale at Cyveillance wrote.
These smarter botnets avoid detection and increase success rates by first identifying defenses, then slipping in undetected and delivering the payload.
“Drive has certainly been ambitious with its targets,” Arbor Networks’ Jason Jones wrote. Hackers have used the tool to target an “online retailer, search engine, a popular security news site and some foreign financial institutions” with a mixed success rate, according to Jones.
DDoSing certainly isn’t going anywhere. According to a recent report, there have been 33 percent more DDoS attacks in 2013 than in 2012, and the attacks are longer, stronger and more sophisticated. Outside of heists, DDoSing even has its place in cyberwar: last month, China’s .cn domain suffered the largest denial of service attack the country has ever faced.
On this battlefield, the advantage is with the attacker.
Illustration by Jason Reed