DDoS Attacks Dominate News, Spark Calls for Regulation

Last week’s massive distributed denial-of-service (DDOS) attacks, which made popular websites and services inaccessible to users across the East Coast and elsewhere, has since led to widespread concern about insecure Internet-connected devices and calls for government agencies to get involved in order to ensure those devices are secured against future attacks.

2016-10-27_ddos2

In fact, the attack against DNS provider Dyn, which happened just six days ago, has already become the most talked about target tied to “service interruption” in all of 2016, according to SurfWatch Labs’ data.

Friday’s DDoS attack against Dyn is concerning for several reasons. First, reports have claimed the attack reached 1.2 terabytes per second. If true, that would make it the largest DDoS attack ever. Second, Dyn confirmed yesterday that the Mirai botnet was a primary source of malicious attack traffic. The source code for that botnet was made public earlier this month, and last week Level 3 Threat Research Labs said that the number of Marai bots it had observed had more than doubled since the code was released. Finally, some researchers have claimed the attack was carried out by amateur hackers, not sophisticated state-sponsored or financially-motivated actors.

That combination suggests that more attacks like the one against Dyn will occur in the future, adding to a trend that SurfWatch Labs has observed throughout the year of increased evaluated intelligence around the service interruption tag.

2016-10-27_ddos.png
The number of CyberFacts collected by SurfWatch Labs related to “service interruption” has steadily increased throughout the year, peaking with last week’s attack against Dyn.

The Marai-driven attacks have also put one company as the face of the Internet-of-Things problem, unfairly or not: XiongMai Technologies.

XiongMai Technologies is a Chinese electronic company that makes products used in a variety of brands, including DVRs and cameras tied to the recent DDoS attacks. XiongMai said on Monday that it would issue a recall of some of its U.S. products, although it’s unclear how successful that recall will be.

Like Yahoo, Wells Fargo and other companies tied to major cyber incidents this year, XiongMai Technologies and manufacturers of Internet-connected devices have now moved onto the radar of politicians and regulators. On Wednesday, Virginia Sen. Mark Warner sent letters to the  Federal Communications Commission, Federal Trade Commission and the Department of Homeland Security’s National Cybersecurity & Communications Integration Center about his “growing concern” over the “unprecedented” volume of DDoS attacks driven by the Marai botnet exploiting connected devices.

“[O]ver 500,000 connected devices were vulnerable to Mirai because of an exploitable component from a single vendor’s management software,” Warner wrote. “Manufacturers today are flooding the market with cheap, insecure devices, with few market incentives to design the products with security in mind, or to provide ongoing support.”

The letter continued: “DDoS attacks can be powerful tools for censorship, criminal extortion, or nation-state aggression. Tools such as Mirai source code, amplified by an embedded base of insecure devices worldwide, accomplish more than isolated nuisance; these are capabilities – weapons even – that can debilitate entire ranges of economic activity.”

Warner provided a list of questions on how to potentially deal with the issue of insecure Internet-connected devices, including ways to make consumers more aware of the risk, trying to work with ISPs to designate insecure devices and deny them connections to their networks, and establishing and enforcing minimal technical security standards.

“I am interested in a range of expert opinions and meaningful action on new and improved tools to better protect American consumers, manufacturers, retailers, Internet sites and service providers,” Warner said.

Being thrust into the spotlight is an unusual situation for XiongMai, a company whose brand tends to remain behind the curtain of its “white label” products, which are sold and then incorporated into other brands’ offerings. Accurately gauging the potential fallout to companies such as XiongMai is difficult, but it’s safe to say that no company wants to be referenced, even indirectly, as the poster child for “cheap, insecure” devices. However, the recent DDoS attacks powered by the Marai botnet — against Krebs on Security, OVH and now Dyn — are quickly on their way to becoming the most discussed cybersecurity stories of 2016, and XiongMai and other manufacturers of connected devices are along for that ride.

Weekly Cyber Risk Roundup: Internet of Things Sparks Security Concerns

There has been growing concern around distributed denial-of-service (DDoS) attacks this week as the source code for the Internet-of-Things (IoT) driven botnet “Mirai” has been publicly released by a user on Hackforums. The Mirai botnet has been tied to the recent massive DDoS attack against Brian Krebs website and is made up of a growing number of Internet-connected devices.

2016-10-07_ITT.pngThe botnet includes a variety of compromised home and small office items such as routers, DVRs and security cameras – many of which use default usernames and passwords. The IoT devices are aimed at users often more concerned about convenience than security, and as Brian Krebs pointed out, even if users do take steps to secure devices by changing default credentials the malware may still spread.

Cybercriminal actors may use botnets like Marai to create more powerful DDoS attacks against industries that are traditionally vulnerable to extortion, such as gaming and ecommerce, but the Marai source code release also empowers actors looking to disrupt organizations for ideological or political reasons. For example, Newsweek alleged it was the victim of such an attack this week when its website was hit with a DDoS attack after publishing a story claiming that one of Donald Trump’s companies violated the Cuba trade embargo in 1998. In part due to that attack, consumer publishing was the most discussed industry group associated with cybercrime over the past seven days.

With Marai added to the growing list of free tools available to actors, expect to see more DDoS attacks like the ones against KrebsOnSecurity and Newsweek, which appear to be aimed at silencing or punishing critics.

2016-10-07_groups

Other trending cybercrime events from the week include:

  • Another week, another list of companies hit with ransomware: Cloud service provider VESK paid £18,600 after being infected with a new strain of the Samas DR ransomware. The New Jersey Spine Center paid an undisclosed amount after a July CryptoWall attack encrypted all electronic medical records and the most recent backup as well as disabled the phone system. The forest department of the state government of Kerala in India was infected with ransomware known as RSA-4096. Urgent Care Clinic of Oxford is notifying patients that their data may have been compromised by what appears to be a ransomware attack. A “glitch” after a ransomware attack led the Marin Healthcare District and Prima Medical Foundation to notify more than 5,000 patients that some of their medical data has been lost, even though they paid the ransom.
  • Data exposed through mistakes and flaws: C&Z Tech Limited acknowledged that a database of more than 1.5 million user records was exposed online, but said that the leak was from a test database; however, ZDNet disputes that claim, writing that their own verification of the data found “no reason to believe that this is test or dummy data.” Census data on 96,000 employees of the Australian federal government was downloaded nearly 60 times before being removed from official websites.  A vulnerability discovered in the Charter Communications website could have exposed the personal information of customers. Customers of Ottawa marijuana dispensary chain Magna Terra Health Services had their email addresses exposed when an employee sent an email with 470 of their customers cc’d.
  • Alleged political dumps, both old and new: A hacker who goes by the name Guccifer 2.0 published an 860-megabyte file of donor information allegedly stolen from the Clinton foundation servers; however, a variety of news outlets have reported that the data appears to actually be from a previous hack of the Democratic Congressional Campaign Committee and the Democratic National Committee. Berat Albayrak, Turkey’s Energy Minister and son-in-law of President Erdoğan, is the week’s second highest trending new target (after Newsweek) on the heels of hacking group RedHack leaking 17 gigabytes of data, which the group said was stolen by discovering Albayrak’s mobile operating system, writing an exploit to steal his password, and gaining access to his iPad after several weeks of attempts.
  • More data breach announcements: Hutton Hotel is notifying customers of a payment card breach affecting guests who placed hotel reservations during the period from September 2012 to April 2015, as well as those who made purchases at the onsite food and beverage outlets from November 2015 to June 2016. Hackers gained access to computer systems at Wheeler & Egger, CPAs and used the information to fraudulently file 45 tax returns. Apria Healthcare, a provider of home respiratory services and other medical equipment, is notifying patients that an employee’s email account was compromised.
  • Out with the old hacktivists, in with the new: Federal authorities in Chicago have charged two suspected members of the hacking group Lizard squad for operating DDoS-for-hire websites. Although Lizard Squad has been quiet of late, other hacking groups continue to disrupt organizations. For example, OurMine defaced and deleted several articles on the BuzzFeed website in retaliation for a story claiming to have identified one of the group’s members as a Saudi teen called “Ahmad Makki.”

SurfWatch Labs collected data on many different companies tied to cybercrime over the past week. Some of those “newly seen” targets, meaning they either appeared in SurfWatch Labs’ data for the first time or else reappeared after being absent for several weeks, are shown in the chart below.

2016-09-30-ittnew

Insulin Pump Vulnerability and Other Advisories

The focus on IoT devices was prevalent throughout SurfWatch Labs’ data this week. In addition to all of the botnet-related discussion, Johnson & Johnson announced that a security vulnerability in its Animas OneTouch Ping insulin pump that could be exploited to overdose diabetic patients with insulin.

2016-10-07_advisoriesThe Reuters story cited medical device experts who claim this is the first time a manufacturer has issued such a warning to patients about a cyber vulnerability in their devices; however, the company’s letter to patients described the risk as “extremely low.”

“It would require technical expertise, sophisticated equipment and proximity to the pump, as the OneTouch Ping system is not connected to the internet or to any external network,” the letter said.

The issue, which was discovered by Rapid7 researcher Jay Radcliffe, is that a hacker can spoof communications between a wireless remote control and the insulin pump since that communication is not encrypted. About 114,000 patients use the device in the United States and Canada.

The company said that if patients were concerned, they could stop potential attacks by discontinuing use of the wireless remote control and programming the pump to limit the maximum insulin dose. Johnson & Johnson said it first reviewed the vulnerability with the FDA, which issued draft guidance on managing cybersecurity vulnerabilities in medical devices in January.

2016-10-07_advisories3

Other noteworthy advisories and cybercrime news from the week include:

  • 68 million stolen Dropbox credentials published online: The previously stolen database of more than 68 million user records has been published online by Thomas White on his I’m Cthulhu blog. Nearly half of the passwords are secured with the strong hashing function bcrypt, Motherboard wrote. The other half appear to use the older SHA-1 algorithm. The publication adds to the already massive list of now-public user credentials.
  • Vulnerability discovered in OpenJPEG: Cisco Talos researchers have disclosed a zero-day vulnerability in the jpeg2000 image file format parser as implemented in the OpenJpeg library. The vulnerability can lead to an attacker executing arbitrary code. “For a successful attack, the target user needs to open a malicious jpeg2000 file,” the researchers wrote. “The jpeg2000 image file format is mostly used for embedding images inside PDF documents and the OpenJpeg library is used by a number of popular PDF renderers making PDF documents a likely attack vector.”
  • Users report suspected malvertising on Spotify: Users of Spotify’s free desktop streaming service are reporting strange behavior that is suspected to be related to malvertising. “If you have Spotify Free open, it will launch – and keep on launching – the default internet browser on the computer to different kinds of malware/virus sites. Some of them do not even require user action to be able to cause harm,” wrote one user. “I have 3 different systems (computers) which are all clean and they are all doing this, all via Spotify – I am thinking it’s the Ads in Spotify Free. I hope this has been noticed and Spotify staff are fixing it – fast.”
  • TalkTalk fined £400,000 over data breach: The UK’s Information Commissioner’s Office (ICO) has issued a record £400,000 fine to TalkTalk over a data breach that “could have been prevented if TalkTalk had taken basic steps to protect customers’ information.” In October 2015, a hacker used SQL injection to access the personal data of 156,959 customers including their names, addresses, dates of birth, phone numbers and email addresses. In more than 15,000 cases, bank account details and sort codes were also compromised. “The data was taken from an underlying customer database that was part of TalkTalk’s acquisition of Tiscali’s UK operations in 2009,” the ICO said. “TalkTalk failed to properly scan this infrastructure for possible threats and so was unaware the vulnerable pages existed or that they enabled access to a database that held customer information.”

SurfWatch Labs collected data on a variety of cybercrime advisories over the past week. Some of the trending practice tags associated with those advisories are shown in the chart below.

2016-10-07_advisoriestags

Weekly Cyber Risk Roundup: Ransomware Ups the Ante and Other Headlines

2016-09-16-ITT.png

Three of this week’s top four trending industry targets centered around DDoS attacks. Linode, which made last week’s roundup over reported DDoS attacks, was targeted once again. The cloud hosting company has seen DDoS attacks throughout the month, with the latest attack coming on September 13, according to company logs. Additionally, Brian Krebs’ website was hit with DDoS attacks after his reporting on the booter service VDoS led to the arrest of two young Israeli men who allegedly ran the cybercrime-as-a-service operation.

Trending new data breaches and cyber-attacks recently observed in SurfWatch Labs’ data are shown below.

2016-09-16-ittnew

Noteworthy cybercrime events from the past week include:

    • Variety of New Breaches Reported: Dutch news sources are reporting that hackers have stolen 22 gigabytes of data from municipal servers in Almelo, though at the moment it is unclear what data may have been compromised. London-based VoIP Talk is emailing customers about a potential breach after discovering “attempts to exploit vulnerabilities in our infrastructure to obtain customer data.” The paid-to-click site ClixSense suffered a data breach in which a hacker exposed 2.2 million subscriber identities and put another 4.4 million up for sale. The Exile Mod gaming forum website was hacked and the personal details of nearly 12,000 users was posted online by a group going by the name “Expl.oit.” EurekAlert!, which is used to distribute scientific press releases, temporarily shut down their website after a breach compromised usernames and passwords and two embargoed news releases were prematurely released. The personal information of 29 Olympic athletes has been stolen from the World Anti-Doping Administration. Finally, a data breach at Regpack, an online enrollment platform serving the private education industry, has led to 324,000 people having personal information exposed.
    • More Extortion Attacks: A hacker attempted to extort Bremerton Housing Authority in Washington for 6 bitcoins (around $3,700) after gaining access to its website and stealing a database of 1,100 client names and the last four digits of Social Security numbers. University Gastroenterology in Rhode Island is notifying patients of a data breach after what sounds like a ransomware attack. In its notification letter, it wrote that an unauthorized individual had gained access to an electronic file storage system from  Consultants in Gastroenterology, which it acquired in 2014, and “encrypted several files.”
    • Political Parties Continue to be Targeted: State Democratic Party officials are being breached and impersonated by hackers, according to a warning from the Association of State Democratic Chairs. The message urged recipients to avoid searching the leaked DNC information posted by WikiLeaks due to concerns over malware being embedded in the links. Additionally, a “serious misconfiguration” on Donald Trump’s website exposed the resumes of prospective interns, according to security researcher Chris Vickery.
    • Stolen Laptops Continue: M Holdings Securities, a subsidiary of M Financial Holdings, had a password-protected laptop with information on 20,000 clients stolen from the trunk of an employee’s car on July 29. Roughly 2,000 of those clients had Social Security numbers potentially compromised. U.S. Healthworks began notifying 1,400 patients of a data breach earlier this month after a laptop and the laptop’s password were stolen from an employee.

Other Noteable Cyber Risk News

2016-09-16-RiskScores.png

This week saw little movement among most sectors’ overall cyber risk scores. Other Organizations – which includes groups such as political parties, schools, and charities – saw the week’s biggest rise in risk, up 1.6%.

Ransomware was at the forefront of much of the week’s cybercrime news. CBC News reported that a school board and a support group for cancer patients, both in Canada, were infected with the Zepto ransomware, and the actor behind the attack demanded $20,000 in payment to decrypt the files. Those high prices may become more commonplace, the FBI warned in an alert published on Thursday. Recent ransomware variants have been seen targeting vulnerable business servers rather than individual users, and the actors behind these targeted attacks have been upping their ransom demands as the data they encrypt grows more valuable.

“This recent technique of targeting host servers and systems could translate into victims paying more to get their decryption keys, a prolonged recovery time, and the possibility that victims will not obtain full decryption of their files,” the alert warns. “Recent victims who have been infected with these types of ransomware variants have not been provided the decryption keys for all their files after paying the ransom, and some have been extorted for even more money after payment.”

The FBI isn’t the only government agency warning of the threat. In July, the Department of Health and Human Service stated that PHI being encrypted by ransomware qualifies as a “breach” in most circumstances, and FTC chairwoman Edith Ramirez warned this week that “a company’s unreasonable failure to patch vulnerabilities known to be exploited by ransomware might violate the FTC Act.”

It’s worth taking a moment to review this week’s advice on combatting ransomware from the FBI alert:

  • Regularly back up data and verify the integrity of those backups. Backups are critical in ransomware incidents; if you are infected, backups may be the best way to recover your critical data.
  • Secure your backups. Ensure backups are not connected to the computers and networks they are backing up. Examples might include securing backups in the cloud or physically storing them offline. It should be noted, some instances of ransomware have the capability to lock cloud-based backups when systems continuously back up in real-time, also known as persistent synchronization.
  • Scrutinize links contained in e-mails and do not open attachments included in unsolicited e-mails.
  • Only download software – especially free software – from sites you know and trust. When possible, verify the integrity of the software through a digital signature prior to execution.
  • Ensure application patches for the operating system, software, and firmware are up to date, including Adobe Flash, Java, Web browsers, etc.
  • Ensure anti-virus and anti-malware solutions are set to automatically update and regular scans are conducted.
  • Disable macro scripts from files transmitted via e-mail. Consider using Office Viewer software to open Microsoft Office files transmitted via e-mail instead of full Office Suite applications.
  • Implement software restrictions or other controls to prevent the execution of programs in common ransomware locations, such as temporary folders supporting popular Internet browsers, or compression/decompression programs, including those located in the AppData/LocalAppData folder.

Tracking the exact number of ransomware victims is difficult, the FBI said, since many attacks go unreported. The FBI is urging victims to report ransomware incidents regardless of the outcome so that they can better understand who is behind the attacks and how they operate.

DDoS Attacks Trending Over the Last 30 Days

DDoS attacks are growing in size and sophistication, says a new report from Arbor Networks, and those attacks have continued to impact a variety of organizations over the past few weeks.

According to Arbor networks, a current average-sized DDoS attack is capable of taking down almost any organization’s server at about 1 Gbps. The average attack size in the first half of 2016 was 986 Mbps, which was a 30% increase over 2015. It is project that the average size of a DDoS attack will reach 1.15 Gbps by the end of 2016.

Some highlights from the report include:

  • An average of 124,000 DDoS events per week over the last 18 months.
  • A 73% increase in peak attack size over 2015, to 579 Gbps.
  • 274 attacks over 100 Gbps monitored in the first half of 2016 compared to 223 throughout all of 2015.
  • 46 attacks over 200 Gbps monitored in the first half of 2016 compared to 16 throughout all of 2015.
  • The U.S., France and Great Britain are the top targets for attacks over 10 Gbps.

Lastly, reflection amplification attacks have continued to grow in popularity. The majority of larger DDoS attack utilize this technique by using attack vectors such as DNS servers. Because of this, DNS was the most used protocol in 2016, taking over from NTP and SSDP in 2015, according to the report. The highest recorded reflection amplification attack size during the first half of 2016 was 480 Gbps.

DDoS attacks have been conducted for monetary gain, notoriety, retaliation, and even for personal pleasure.

Trending DDoS Attacks

Over the last couple weeks, many organizations have been targeted with DDoS attacks. The most talked about DDoS attack over the last 30 days is tied to the controversial and very popular Pokemon GO. A group called PoodleCorp claimed credit for the attack, with a motivation very similar to another infamous hacking group called Lizard Squad — they did it for the LULZ.

2016-07-21_DDoS

Not all the recent DDoS attacks were done for the LULZ, as many appear to be out of retaliation for past events. Here is a breakdown of some of the top trending DDoS attacks over the past 30 days.

Pokemon GO Server
On Saturday, July 16 a DDoS attack took down all Pokemon GO servers, which left many players unable to hunt for their Pokemon. The group behind the attack is a newer hacktivist group known as PoodleCorp. The servers were down for several hours before reestablishing a connection for players.

On July 18, the Pokemon servers were hit with another DDoS attack, this time from the group known as OurMine. The group said that “no one will be able to play this game till Pokemon Go contact us on our website to teach them how to protect it!”

On July 20, PoodleCorp announced plans for an upcoming attack against the Pokemon servers that is scheduled for August 1.

MIT
Security researchers have discovered more than 35 DDoS attacks targeting the Massachusetts Institute of Technology (MIT) so far in 2016. The attack vectors used in these campaigns involved devices vulnerable to reflection and amplification attacks and spoofed IP addresses. It appears the bulk of attacks were carried out using booter or stresser services. Stresser services are a concern for organizations and the proliferation of DDoS attacks, as the cost to utilize these services are often extremely low.

Philippines Government Websites
The Filipino government announced this week that 68 separate websites tied to the Philippines government were hit with DDoS attacks. The attacks started July 12 and carried over to the next few days.

It is believed that China is responsible for the attacks as they correspond with a ruling made by the Permanent Court of Arbitration at the Hague in the Netherlands that favored unanimously for the Philippines over China. The ruling was over newly created islands located in the West Philippine Sea that China claimed even though those islands were in Philippines’ maritime territories.

Some of the government websites affected by the DDoS attacks were also defaced, signed with the words “Chinese Government.” There is no actual evidence at this time that China was behind the attacks, but it appears this is likely the case due to the extremely tense international relationship between the two countries.

Steemit
The social network Steemit announced on July 14 that an unknown attacker was able to hack into user accounts and steal the crypto-currency known as Steem Power and Steem Dollars. More than 260 users were affected by the attack, and about $85,000 of the crypto-currency was obtained.

In response to the attacks, Steemit fixed the issue and restored all stolen funds to the users. As soon as the company made this announcement, it was targeted with a DDoS attack. The attack did little to affect the social network, as the company used the attack as an opportunity to take down its servers for maintenance and other upgrades.

WikiLeaks
WikiLeaks servers suffered a DDoS attack last Monday that lasted through Wednesday. The DDoS attack appears to be in response to WikiLeaks’ announcement of an upcoming data dump belonging to Turkey’s biggest political party — AKP (Justice and Development Party).

The cache of data contained 300,000 emails and 500,000 documents that belonged to the party. The announcement came three days after the failed military coup in Turkey which saw the deaths of 208 people.

The DDoS attack prevented WikiLeaks from posting the information. As of July 20, WikiLeaks servers were back online and the data was released.

U.S. Congress Websites
The U.S. Congress website along with two adjacent websites — the U.S. Library of Congress and the U.S. Copyright Office — were the victims of a DDoS attack that lasted for three days. The attack started with the Library of Congress website on the evening of July 17 and slowly enveloped the other websites over the next couple of days.

As of Wednesday the websites are up and running normally. It is not known who is behind the attack or what the motivation for the attack was.

Brazil
A Rio court in Brazil was the target of a DDoS attack perpetrated by Anonymous. The attack took place on Tuesday and only lasted a few hours. Anonymous attacked the Rio court for its decision to block the controversial Whatsapp throughout Brazil. The decision told ISPs to block the app, and Brazil’s five major ISP operators — Claro, Nextel, Oi, TIM, and Vivo — all complied with the order.

The tensions between WhatsApp and Brazil go back to February 2015 when Whatsapp was unable to help Brazilian law enforcement by decrypting messages sent over the social network. Brazilian courts have fined and temporarily banned Whatsapp, arrested a Vice President for Facebook Latin America for being linked with the social network, and now a permanent ban is put in place. However, due to the Anonymous DDoS attack the Brazil court lifted the ban on Whatsapp.

 

Consumer Goods Sector Most Impacted By DDoS In 2016

The consumer goods sector has seen more chatter around DDoS than any other sector so far in 2016, according to data from SurfWatch Labs.

2016-04-20_ddos
The Consumer Goods Sector has seen the most DDoS-related CyberFacts this year, including attacks against Blizzard, the BBC, Ireland’s National Lottery, and many more.

The consumer goods sector has become a popular target for DDoS attacks, with new groups like DD4BC emerging on the scene and attempting to extort money from victims in exchange for not launching a DDoS attack against them. Retail stores – especially online retailers – make appealing targets for cybercriminals as they are more likely to pay a ransom demand to avoid service interruption due to the amount of money that could be potentially lost during a DDoS attack.

Gaming networks such as Steam, Xbox Live, and the PlayStation Network are popular targets. Last week, the infamous cyber group Lizard Squad launched a DDoS attack against Blizzard’s gaming servers, effectively taking the servers offline for a couple hours.

DDoS attacks are a popular method of cyber-attack due to their ease of execution and price point. There are DDoS-for-hire services on the web that can be utilized for just $38 per hour. This price is shockingly low considering companies have reportedly lost anywhere from $5,000 to $40,000 per hour during a DDoS attack.

DDoS will remain a popular trend in cybercrime. However, DDoS related CyberFacts have decreased since peaking in January 2016.

2016-04-18_ddos3
DDoS attacks against high-profile targets such as the BBC and Ireland’s National Lottery led to a surge in DDoS-related chatter in January 2016. However, the number of CyberFacts related to DDoS has since dropped. 

Layer 7 DDoS Attack Makes Headlines

Earlier this month, a humongous Layer 7 DDoS attack was spotted reaching 8.7 Gbps of bandwidth through the Nitol botnet, which set a new record for this specific type of DDoS attack. While 8.7 Gbps doesn’t seem like much of a figure compared to traditional DDoS attacks of over 100 Gbps, Layer 7 DDoS attacks are different.

A DoS attack is an attempt by a criminal or hacktivist group to make a computer or network resource unavailable. This is done by interrupting a host’s services that are connected to the Internet. The most common method of DoS is a DDoS attack. DDoS attacks use botnets –- an enslaved group of computers –- to push massive amounts of communication to a targeted server to achieve its goal of service disruption.

A Layer 7 DDoS attack has the same end goal as a traditional DDoS attack, except for a few small differences. It only needs to use a small amount of network packets to disrupt service as this will create massive server processing operations that will exhaust a target’s CPU and RAM resources. This means that a Layer 7 DDoS attack can be pulled off by sending only a few thousand requests per second.  

As recent DDoS attacks have shown, cybercriminals have a variety of different ways to disrupt services or attempt to extort money from organization. Businesses should be prepared for the possibility of these attacks and work with a reputable DDoS mitigation company if they are concerned about those risks.