So-called “burst attacks” are a rising threat to organizations as they grow in complexity, frequency and duration. In fact, one study found that 42 percent of organizations experienced this type of distributed denial of service (DDoS) attack last year, Cisco said in a new report.
Responding to the report, Corero Network Security CEO Ashley Stephenson offered an explanation for the trend: “Corero’s ongoing in-depth DDoS research suggests that a more likely reason for the use of ‘bursting’ observed in pulsed DDoS attacks is the timesharing or multiplexing of attack botnets, most probably between two or more simultaneous customers of a DDoS-for-hire booter/stresser service,” Stephenson said.
In fact, a single 200G botnet could be used to attack multiple victims at once in “200G burst mode.” As a result, a DDoS-for-hire service could sell full-power pulsed attacks to multiple customers at the same time. To accomplish this type of attack, the pulsed DDoS botnet simply hits each of the multiple victims for a burst period every few minutes.
A “burst attack” affects different organizations in different ways. A business that presents web pages for information may find the attack to be an inconvenience. But for organizations where session integrity and continuity are crucial to service access, monetization and customer loyalty – such as online banking, gaming and streaming – a “burst attack” could be as devastating as a continuous, non-pulsed attack.
In the end, organizations should not underestimate “burst attacks.”
“We are observing that the attack capability of well-managed, pulsed botnet DDoS can be many times more damaging than many in the industry might think,” Stephenson said.
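The session-continuity point can be put in numbers with a small risk model. The following is an added example, not code from the Cisco report or from Corero: it assumes a botnet rotating round-robin over its victims in fixed slots and treats a session as broken if any part of it overlaps a burst. The slot length, victim count and session durations are constructed values.

```python
def burst_windows(slot_s, victims, index, horizon_s):
    """Intervals [start, end) during which victim `index` is under attack,
    assuming round-robin rotation over `victims` targets, `slot_s` seconds each."""
    period = slot_s * victims
    windows, t = [], index * slot_s
    while t < horizon_s:
        windows.append((t, min(t + slot_s, horizon_s)))
        t += period
    return windows


def disrupted_fraction(windows, session_s, horizon_s, step_s=1):
    """Fraction of sessions (one starting every `step_s` seconds) that overlap
    at least one burst window anywhere in their lifetime."""
    starts = range(0, horizon_s - session_s + 1, step_s)
    hit = sum(
        1
        for s in starts
        if any(s < w_end and w_start < s + session_s for w_start, w_end in windows)
    )
    return hit / len(starts)


def exposure_report(slot_s=30, victims=10, horizon_s=7200):
    """Duty cycle seen by one victim and the share of sessions it breaks.
    Defaults are constructed: a 30 s burst every 5 minutes, over 2 hours."""
    windows = burst_windows(slot_s, victims, index=0, horizon_s=horizon_s)
    duty = sum(end - start for start, end in windows) / horizon_s
    sessions = {  # constructed session lengths, in seconds
        "page view": 5,
        "banking": 120,
        "streaming": 1800,
    }
    broken = {
        name: disrupted_fraction(windows, length, horizon_s)
        for name, length in sessions.items()
    }
    return duty, broken


if __name__ == "__main__":
    duty, broken = exposure_report()
    print(f"attack duty cycle for this victim: {duty:.0%}")
    for name, frac in broken.items():
        print(f"{name:>10}: {frac:.1%} of sessions hit by a burst")
```

Under these assumptions the victim is under attack only a tenth of the time, yet any session longer than the gap between bursts is always hit, so capacity planning based on average attack time understates the impact on long-lived sessions.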
The report also found that many new domains are tied to spam campaigns. Approximately 60 percent of the malicious domains Cisco analyzed were associated with spam campaigns.
In addition, the report found that the cloud can provide security as a key benefit, and that the use of on-premises and public cloud infrastructure is growing.