Get a free application, infrastructure and malware scan report - Scan Your Website Now

Has DDoS become the hacker’s No. 1 choice of attack?

Posted DateJune 27, 2014
Posted Time 3   min Read

Is June turning out to be the month of DDoS attacks? DDoS attacks on Evernote, Feedly, World cup websites, again Feedly, Hong Kong Voting Site…and so the list runs…prevailed. The peak of the list was attained when the social media giant, Facebook, went down for half an hour, during early hours of 19th June/Thursday last week purportedly due to a DDoS attack. This resulted in the longest downtime in the recent history of Facebook, which ensured a mass panic on the internet with people turning to rival social sites Twitter and G+ to vent their ire. A simple message greeted everyone from Facebook, which said “Sorry, something went wrong. We’re working on getting this fixed as soon as we can.” Many cited the DDoS attack to be the cause behind Facebook’s 30-minute downtime, while Facebook called it an internal software configuration error.

Let us give you an insight into what a DDoS attack actually is. A distributed denial of service attack is one in which a multitude of compromised computers attacks a single target, thereby stalling traffic for the legitimate users of the targeted system. The large flow of requests from the compromised systems, to the targeted system, essentially forces the target system to shut down or report as out of service due to bandwidth issues, thereby paralyzing the targeted system.

Major Online Biggies Victim of DDoS Attacks

DDoS attacks have rapidly become hacker’s choice of attack, with evidently many major businesses falling at the receiving end. On June 10th, Evernote, popular note-taking and web clipping saving service, became a victim of a similar attack. As a result, members were unable to synchronize their filings. The very next day, Feedly, the very popular news aggregator which provides content from various online sources at one place, was attacked. It was again, a DDoS attack, which caused the service to be unavailable for hours together. These attacks involved a demand for ransom from the attackers to which Feedly refused. At 3:07 PT, Feedly announced that the attack had been neutralized, but within hours of this, the site reported being under fire again. They were targeted by a second DDoS attack, which again caused their site to go down.

DDoS Attacks Hit the World Cup!

While football fever struck worldwide, a major DDoS attack struck the official government World Cup website, which went down for more than a day. The latest name in this list of distributed denial-of-service victims was of Hong Kong Democracy Poll, where an attack was fended off by diverting most of the traffic to sinkholes. But the problem with sink holing or black-holing is that though it diverts the traffic to a sinkhole where it is discarded, segregation between good and bad traffic cannot be done. This means that all traffic, whether good or bad, is discarded. While distributed denial-of-service is bad news for organizations, resorting to sink holing cannot be considered as an alternative.

Can You Protect Yourself Against DDoS Attacks?

Special DDoS prevention boxes can be used to thwart high-speed DDoS attacks. Many of them connect to routes upstream to figure out the origin of the distributed denial-of-service attacks and then block them. DDoS attacks can take place at both the network level and the application level. A network firewall can be used to block the traffic in case the DDoS attack is at the network level. At the application layer, technology as the only solution to block DDoS attack is very risky but can be used effectively as a suspicious distributed denial-of-service alerting mechanism with targeted rules and with human intervention for analyzing and if it is indeed a distributed denial-of-service, taking action to block it. A Managed WAF with DDoS prevention rules with right thresholds configured for raising alerts along with human intervention to act on those alerts, can be used to block the traffic in case the DDoS attack is at the application level. In other words, your WAF vendor manages the incoming traffic by its behavior profiling, which is done with the help of manual intervention. Once this is done, the appropriate security policies can be applied to mitigate a DDoS attack.

The fact that such popular websites were taken out, is evidence of the complexity level to which the cyber-attacks are increasing. It’s time we up our ante again such threats.

Stay tuned for more relevant and interesting security articles. Follow Indusface on FacebookTwitter, and LinkedIn.

web application security banner

Venkatesh Sundar

Venky is an Application Security technologist who built the new age Web application Scanner and Cloud WAF - AppTrana at Indusface as a Founding CTO. Currently, he spends his time on driving Product Roadmap, Customer Success, Growth, and technology adoption for US businesses.

Share Article:

Join 51000+ Security Leaders

Get weekly tips on blocking ransomware, DDoS and bot attacks and Zero-day threats.

We're committed to your privacy. indusface uses the information you provide to us to contact you about our relevant content, products, and services. You may unsubscribe from these communications at any time. For more information, check out our Privacy Policy.

Related Posts

DDoS Protection Best Practices
17 Best Practices to Prevent DDoS Attacks

Protect your business from DDoS attacks with multi-layered DDoS defense, proactive threat modeling, rate limiting, geo-blocking, deploying WAF and so on.

Read More
URI-based-DDoS-Protection
URI-Based DDoS Protection for AppTrana

With AppTrana’s Behavioral DDoS Protection feature, you can tackle all the curve balls that attackers throw at you. Learn how.

Read More
Mitigate DDoS Attacks
How Automation Can Be Used To Mitigate DDoS Attacks?

DDoS attacks have been rising exponentially over the years. Automation must be effectively and efficiently leveraged by businesses to mitigate DDoS attacks.

Read More

AppTrana

Fully Managed SaaS-Based Web Application Security Solution

Get free access to Integrated Application Scanner, Web Application Firewall, DDoS & Bot Mitigation, and CDN for 14 days

Get Started for Free Request a Demo

Gartner

Indusface is the only cloud WAAP (WAF) vendor with 100% customer recommendation for 4 consecutive years.

A Customers’ Choice for 2024, 2023 and 2022 - Gartner® Peer Insights™

The reviews and ratings are in!