Salted Hash — IT security news
About this Blog:
IT security news analysis, over easy!
'Nothing new' in DDoS attacks
Two friends from Akamai take issue with the idea that there's something new about the nature of DDoS attacks targeting U.S. Bank, Wells Fargo and others.
The "new twist on DDoS" mentioned in our story "Hacktivists strike U.S. Bank with volunteer-powered DDoS" is impressive and all. But it's not new. Not even close, two old friends from Akamai told me on Twitter this morning.
Also see: The DDoS attack survival guide
In the story, writer Antone Gonsalves described the "new twist" this way:
Rather than launch the attack from a network of compromised machines, called a botnet, the attackers are apparently using volunteers, said Atif Mushtaq, a security researcher at FireEye. Participants go to either one of two file-sharing sites and download a program written in a scripting language. Once the program is running, a person only has to click on a "start attack" button to send continuous requests to the target's website. This method makes it more difficult for authorities to stop the attack, because there are no control servers. "They know [servers] can be blocked very easily," Mushtaq said.
To that, Akamai CSO Andy Ellis (@csoandy) told me in a tweet, "Thrallnets aren’t at all new. LOIC was the most recent incarnation, but it’s been happening for years."
Added Akamai Security Evangelist Michael Smith (@rybolov), " ByteDoS, ping floods, and wget loops ... people used to DDoS IRC all the time to cause a netsplit and take over channels."
The attacks have generated a lot of headlines in recent days, and the folks at Akamai aren't the only ones critical of the coverage.
In the story "Islamic hacktivists' bank attack claims gain credibility," Taylor Armerding quotes Gary McGraw, CTO of Cigital, who said he is a bit puzzled at all the interest in the recent wave of attacks. "These sorts of attacks happen all the time," he said. "I'm not sure why there seems to be more interested in these."
[Related stories: Banks can only hope for the best with DDoS attacks | Wells Fargo recovers after site outage | Theories mount on bank attacks, but experts stress defense | Arab hackers attack Western websites over film | Best defense against cyberattacks is good offense, says former DHS official]
Previous Post: CSA releases new IAM guidanceNext Post: #FFSec: Security pros to follow on Twitter, Sept. 28
WEBCAST
Transition Confidently to the Cloud
Thanks to cloud computing, your business data is everywhere and being accessed by everyone. Making the wrong decision to protect your data can result in high costs, increased risk and executive exposure. View this live webinar on cloud security and the evolving data center, and learn why a data-centric approach to security is the best bet for today's virtual environment.
WHITE PAPER
Magic Quadrant for Enterprise Information Archiving
Gartner evaluates vendors offering products and services that provide archiving for email, files and other content types.
Recent Comments
Webcasts
White Papers
