- Kylie Jenner trademarks ‘rise and shine’ after meme success 6 Years Ago
- ‘Watchmen’ website expands what you know about its alt-history 6 Years Ago
- Smoke ’em, pass ’em Week 8: Mark Walton szn 6 Years Ago
- Venmo’s first-ever credit card to launch in 2020 Today 3:46 PM
- Wet Kylo Ren may turn everyone to the dark side Today 3:15 PM
- Man allegedly targeted trans women on dating app, robbed them at knifepoint Today 3:02 PM
- Researchers expose how Amazon Echo and Google Home can steal passwords Today 2:47 PM
- Facebook removing Instagram Story filters that mimic plastic surgery Today 2:16 PM
- Mom solves ‘ghost baby’ image mystery after viral post Today 1:23 PM
- Elon Musk tweeted ‘through space’ Today 1:16 PM
- Don’t want a Fitbit? These step tracker apps got you covered Today 12:51 PM
- Protesters sing ‘Baby Shark’ to soothe frightened toddler Today 12:47 PM
- Who is Babu Frik, the adorable, teeny mechanic from ‘Rise of Skywalker’? Today 12:36 PM
- Senators push for social media data portability Today 12:11 PM
- ‘Stage Fright’ is a therapeutic lens into Jenny Slate’s weird world Today 11:34 AM
Your website may not be as safe from a DDoS attack as you think
Distributed Denial of Service attacks are getting a lot smarter.
One of the most basic weapons in every hacker’s arsenal is getting a lot smarter.
You may have of heard of a Distributed Denial of Service (DDoS) attack. Traditionally, a DDoS attack effectively shuts down a website by sending a sudden surge of traffic against it, which overwhelms the site’s servers. Once the target is down, the real work begins.
A DDoS attack is so simple that almost anyone can pull it off. And it’s so effective and common that it feels like almost everyone with a hacking inclination does pull it off.
A recent study claimed that the rate of attacks against businesses is increasing dramatically, “costing corporations an estimated $50,000 to $100,000 per hour.” A 24-hour outage can cost companies tens of millions of dollars, so it’s no surprise that DDoS defense is big business. San Francisco start-up CloudFlare is a billion dollar company today because of its ability to protect websites.
Add all those dollars up and you begin to see the kind of money at stake, and that’s on the defensive side.
Dirt Jumper, the popular Russian DIY DDoS kit linked to multimillion-dollar attacks on banks, is a simple tool that lets hackers launch effective DDoS attacks for fee of just $150. It requires nearly no expertise to purchase and use such a DDoS kit, making them one of the most attractive options for unskilled attackers.
This summer, security researchers at Arbor Networks began spotting a new weapon in the wild called Dirt Jumper Drive. Drive is smart technology that can identify, trick, and bypass DDoS defenses that can cost hundreds or thousands of dollars per month to maintain.
Attackers give their bots “instructions … to identify, and trick, anti-DDoS cookies, redirection methods, and meta tags used for redirecting malicious IP traffic,” Phil Annibale at Cyveillance wrote.
These smarter botnets avoid detection and increase success rates by first identifying defenses, slipping in undetected and delivering the payload.
“Drive has certainly been ambitious with its targets,” Arbor Networks’ Jason Jones wrote, Hackers have used the tool to target an “online retailer, search engine, a popular security news site and some foreign financial institutions” with a mixed success rate, according to Jones.
DDoSing certainly isn’t going anywhere. According to a recent report, there have been 33 percent more DDoS attacks in 2013 than in 2012–and they’re longer, stronger and more sophisticated attacks. Outside of heists, DDoSing even has its place in cyberwar: last month, China’s .cn domain suffered the largest denial of service attack the country has ever faced.
On this battlefield, the advantage is with the attacker.
Illustration by Jason Reed
Patrick Howell O'Neill is a notable cybersecurity reporter whose work has focused on the dark net, national security, and law enforcement. A former senior writer at the Daily Dot, O'Neill joined CyberScoop in October 2016. I am a cybersecurity journalist at CyberScoop. I cover the security industry, national security and law enforcement.