DDoS is not merely bandwidth flood, but also focuses on the latest vulnerabilities of web applications
Hong Kong (PRWEB) July 21, 2012
“Zero-Day attacks will be the megatrend of DDoS attacks,” noted Frank Tse, Research Manager of Nexusguard, at the recent Hacker in Taiwan Conference (HITCON). “DDoS attacks are going to become more creative, and will aim to target application layers instead of targeting bandwidth. Hackers nowadays are ‘Creative Attackers’ and no longer merely ‘Packet Crafters’.”
As Research Manager at Nexusguard- a premium Internet security service provider mitigating DDoS attack and web application attack- Frank predicts that the vast majority of future DDoS attacks will be Zero-day Attacks, focused on targeting application layers. “The volume of DDoS attack is up to approximately 900Mbits/sec, and we’ve found that application layer attacks can have a larger disruptive impact than volume centric attacks.”
"The next Internet wave is coming, and various services are vulnerable due to the proliferation of Web-based technologies,’ added William Guo, Security Researcher in Nexusguard. “Something the industry has missed is Mobile Apps, which are actually based on the web and thus totally at risk."
Frank and William were recently invited to speak at HITCON, on the theme of ‘DDoS - Yesterday, Today and Tomorrow’. "DDoS is not merely bandwidth flood, but also focuses on the latest vulnerabilities of web applications,” Frank said, at the start of his presentation on DDoS attacks, detections and mitigation trends.
In his speech, Frank noted the evolution and growing cohesiveness of DDoS attacks, with experts in diverse specialist fields forming teams to launch DDoS attacks. DDoS as a service provided by hackers was another highlighted trend: other than blackmailing, services such as DDoS repository attacks, or operating a DDoS ‘testing’ server could prove profitable to hackers, bringing a new level of threats to online businesses.
As a solution, businesses will have to employ proactive measures to prevent DDoS attacks, and evolve along with the threat. “We used to mitigate DDoS attacks when they has came”, said Frank. “But the future trend of mitigation will be more active. Through the use of tools such as Browser Authentication, Users Behavior Validation and Application Learning, we can detect and identify Bots, and eliminate them before they can attack.”
"DDoS attacks have become increasingly popular, with more open source DDoS tools available on the Internet. As such, no online service is exempt from the threat of a DDoS attack, and getting prepared for DDoS is fast becoming common practice among larger enterprises and SMEs."
Nexusguard, incorporated in 2008, is a premium provider of end-to-end, in-the-cloud Internet Security Solutions. Nexusguard delivers solutions over the internet to ensure that our clients enjoy uninterrupted web-service delivery to their users, by protecting them against the ever-increasing and evolving multitude of internet threats, particularly Denial-of-Service (DDoS) attacks, and other attacks directed at web application software.