Symantec unveils DDoS attack research at GITEX 2014

The number of Distributed Denial of Service (DDoS) attacks is increasing, with the majority of incidents lasting less than 24 hours, indicating cyber criminals are more sophisticated and using a more intense, targeted approach, according to new global research from security experts at Symantec. The research highlights were released early, exclusively for GITEX Technology Week, one of the largest ICT events in the Middle East.

Gordon Love, Regional Director for Middle East, Turkey and Africa, Symantec.

The findings indicate that the UAE and KSA appeared in the global top 50 ranking of countries that have witnessed the highest volume of ‘originating DDoS traffic’, listed at 45 and 28, respectively, with less than 1 percent of global attacks during the eight months of analysed data. India topped the ranking with 26 percent of all DDoS traffic deriving from the country, while the USA claimed the second spot.

The study, entitled “The Continued Rise of DDoS Attacks,” was conducted by Symantec’s Security Response team of engineers and analysts, who evaluated global data from January to August 2014 based on the Symantec Global Intelligence Network, which is made up of more than 41.5 million attack sensors and records thousands of events per second in over 157 countries and territories.

Research Highlights:

  • DDoS services for hire for less than $10 USD: So-called “Booter” services can be hired for as little as 20 AED ($5 USD) to perform DDoS attacks for a few minutes against any target. Longer attacks can be bought at higher prices. They also offer monthly subscription services, often used by gamers to take down competitors.
  • DDoS attacks are getting shorter but more intense: The bandwidth used by DDoS attacks is increasing year over year. In 2014, Symantec observed the first attack to peak at 400 Gbps, whereas in 2013 the maximum reached was at 300 Gbps.
  • Increase of Linux server hijacking for DDoS botnets: 2014 saw an increase in the compromise of Linux servers, including those from cloud providers. These high bandwidth servers are then used as part of a botnet to perform DDoS attacks.

DDoS attacks, whilst not a new attack vector, have proven to be effective and sometimes devastating for organizations. The attacks attempt to make an online service unavailable by overwhelming it with traffic from multiple sources. A Domain Name System (DNS) amplification attack is a popular form of DDoS, which floods a publicly available target system with DNS response traffic. Symantec’s research indicates that DNS amplification attacks have increased by 183 percent from January to August 2014.

A few weeks ago, the Bash bug, dubbed ‘Shellshock’, sent shockwaves across the globe. Within days of the bug being disclosed, cyber criminals were using it to install malware onto servers and using the resulting botnets to orchestrate a series of DDoS attacks.

Gordon Love, Regional Director for Middle East, Turkey and Africa, Symantec, said: “Whilst it’s encouraging to see UAE and KSA appearing lower on the country ranking list, potentially due to the higher level of cyber security awareness within this region, the latest episode proves that governments, businesses and consumers alike are susceptible to sophisticated cybercrime. As the technology community descends on Dubai for GITEX, Symantec is re-committing its support in helping our customers and partners in this region by better aligning solutions that make it simple to be productive and protected at home and work and keep businesses safe and compliant.”

Symantec’s research further highlighted the motivations behind the popularity of DDoS attacks, indicating that they have become the method of choice for hacktivists and cyber gangs. In the Middle East, prominent hacktivist groups use DDoS attacks to generate maximum publicity for their cause and garner media attention.

In June 2014, hacktivist group ‘Anonymous’ threatened to launch sophisticated cyber-attacks against petrochemical companies and oil-rich governments, including those in Saudi Arabia, Kuwait and Qatar. Elsewhere, Symantec revealed that DDoS attack motivations have been linked to the threat of extortion and financial blackmail, online disputes between individuals, and use as a diversion technique to distract IT security response teams while a targeted attack is completed.

Symantec provides the following recommendations for DDoS resiliency and to mitigate the resulting impact:

  • Have an incident response plan ready, know who to call
  • Verify server configuration, protect your server
  • Use a layered filtering approach, partner with external service providers
  • Build in scalability and flexibility
  • Know and understand your normal network behavior

Symantec will be located at Hall 6, Stand CLD-11 and will be available for individual interviews to provide further commentary on the DDoS research. Symantec experts will also be able to share the latest security and information protection knowledge and product portfolio.