The Rise of “Auto Attacks,” Step aside Botnets!


Well, in case you missed it, the world has been going to “hell-in-a-hen-basket” over the past two weeks. The weeks have distinguished themselves as having four major themes:

Attacks are Nearly Continuous Now

Today, attacks on organizations (especially controversial ones) are unrelenting. As with rainy weather, the question is no longer whether attacks (or rain) will occur, only what level of intensity they will bring, and some of it is very devastating.

Tactics Have Changed and are Evolving

Attacks have historically fallen into one of four attack-type quadrants. The last type, Complex, Volumetric Attacks, defines the world we live in now:

  • Simple, Non Volumetric Attacks. Example: Typical malware such as Zeus.
  • Simple, Volumetric Attacks. Example: Smurf attack, SYN floods.
  • Complex, Non Volumetric Attacks. Example: Stuxnet, four zero-day threats wrapped into a worm with a goal.
  • Complex, Volumetric Attacks. Example: Multi-vector / multi-vulnerability attacks such as those launched from live boot CDs or tools such as LOIC, RefRef, R.U.D.Y., Metasploit, etc.

Anonymous is Using ‘Apparently Anonymous’ Attackers

In case anyone missed this, the group Anonymous has put code up at pastehtml.com (a free and anonymous HTML code-hosting site) that uses your web browser to launch LOIC DDoS attacks. Unlike in past attacks, in the recent “OpMegaUpload” campaign and the attacks on Israeli organizations Anonymous appears to have relied not just on willing volunteers, but on ignorant bystanders. “This time, things are slightly different: you only have to click on a Web link to launch a DDoS attack,” said Graham Cluley, senior technology consultant at Sophos, in a blog post. He said many of these links, which point to pastehtml.com, had been circulating in disguised form via Twitter, and warned that clicking on them would execute a DDoS attack unless JavaScript was disabled in the browser (which is nearly impractical to accomplish).

Content-Delivery-Networks (CDNs) Appear to be Targeted

During the past couple of weeks, in the Israel cyber attacks, we saw the attackers using dynamic URLs to bypass the CDN and setting the X-Forwarded-For header to 127.0.0.1 (localhost) in an attempt to bypass more advanced DDoS attack mitigation techniques.
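The following is an added example, not code from the original post: an origin-side check that flags both behaviours described above, loopback values in X-Forwarded-For and one client varying the query string on a single path. The trusted proxy range, the record layout, the threshold and all sample records are constructed assumptions.

```python
import ipaddress
from collections import defaultdict
from urllib.parse import urlsplit

# Assumption: the CDN edge range whose X-Forwarded-For the origin will honour.
TRUSTED_PROXIES = [ipaddress.ip_network("198.51.100.0/24")]
# Constructed sample records: (TCP peer, request target, X-Forwarded-For value)
SAMPLE = [
    ("198.51.100.7", "/search?q=shoes", "203.0.113.11"),
    ("198.51.100.8", "/?id=1327&msg=a", "127.0.0.1, 203.0.113.50"),
    ("198.51.100.8", "/?id=1328&msg=b", "127.0.0.1, 203.0.113.50"),
    ("198.51.100.8", "/?id=1329&msg=c", "127.0.0.1, 203.0.113.50"),
    ("192.0.2.99", "/?id=77", "127.0.0.1"),
]

def parse(hop):
    try:
        return ipaddress.ip_address(hop.strip())
    except ValueError:
        return None  # malformed hop
def bogus(addr):
    return addr is None or addr.is_loopback or addr.is_unspecified
def is_trusted(addr):
    return addr is not None and any(addr in net for net in TRUSTED_PROXIES)

def client_ip(peer, xff):
    """Return (effective client, spoof flag); XFF counts only from a trusted peer."""
    hops = [parse(h) for h in xff.split(",") if h.strip()]
    if is_trusted(parse(peer)):
        # Walk right to left: the first hop that is not our proxy is the client.
        for addr in reversed(hops):
            if bogus(addr):
                break
            if not is_trusted(addr):
                return str(addr), any(map(bogus, hops))
    return peer, any(map(bogus, hops))

def analyse(records, min_variants=3):
    """Return (clients sending bogus XFF, clients varying the query on one path)."""
    variants, spoofers = defaultdict(set), set()
    for peer, target, xff in records:
        client, spoofed = client_ip(peer, xff)
        if spoofed:
            spoofers.add(client)
        parts = urlsplit(target)
        if parts.query:
            variants[(client, parts.path)].add(parts.query)
    busters = {c for (c, _), qs in variants.items() if len(qs) >= min_variants}
    return spoofers, busters
```

An origin that reads the leftmost X-Forwarded-For entry would attribute these requests to 127.0.0.1; reading from the right and stopping at the first untrusted hop attributes them to the address the CDN actually saw.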

So, bottom line: we are seeing highly complex, volumetric attacks rule the roost, with a new tool / propensity for these attacks to be initiated by the ‘ignorant’ (bot-like, but needing a ‘drone-like user’ to initiate), targeting predicated CDN responses and architecture flaws. No, it’s not the rise of the “Clones”; it’s the rise of the Auto Attacks!

Carl Herberger

Carl is an IT security expert and responsible for Radware’s global security practice. With over a decade of experience, he began his career working at the Pentagon evaluating computer security events affecting daily Air Force operations. Carl also managed critical operational intelligence for computer network attack programs to aid the National Security Council and Secretary of the Air Force with policy and budgetary defense. Carl writes about network security strategy, trends, and implementation.
