Why Cyber Attackers are Still Defeating Your Network Security

Nearly, two years ago I questioned the myth: does size really matter? and now it’s time to revisit the issue and also look at some of the changes occurring in the cybercrime scene.

The big myth of 2012 was that organizations need to prepare for enormous attacks. The attack on Spamhaus in 2013 supported this claim. The DDoS attack on Spamhaus, an international non-profit dedicated to battling spam, is considered one of the largest in Internet history — reaching 300Gbps. The massive size of this attack created a changed perspective on cyber threats, one usually reserved for financial debt.  When debt is reasonable, it’s your problem. When the debt is huge, it’s everyone’s problem.  With the Spamhaus attack – it was so massive – it threatened the integrity of the Internet infrastructure – and this became everyone’s problem.

In nearly 100% of DDoS attack cases the victim’s network infrastructure was designed to process the excessive traffic, yet it failed to maintain application availability. To understand why this occurs, let’s take a look at what has changed in the last two years and the ways cybercrime has evolved.

Attacker Disguise Themselves

Attackers have learned that most mitigation tools are using the black listing of IP addresses to block botnet-based attacks. They overcome this black listing by launching attacks with dynamic IP addresses, or use proxy servers, CDNs, anonymizers or encrypted communications to avoid detection.

Web Stealth Attacks

Web Stealth Attacks are a set of DoS/DDoS attack vectors that include brute-force attacks (e.g. attacks on the login page), file upload violations, SSL encrypted application attacks and more.

An example, which does not gain much media attention, despite its frequency increase is the login page attack.  Login page attacks embody the concept of the weak link.  Organizations invest in network security to protect their web servers and applications; they settle on demand capacity allocation plans to address accidental traffic growth; however securing the login servers is not always addressed properly.  Attackers overwhelm the login servers with relatively low volumes of login requests – in an effort to deny service from legitimate users.

Figure 1: attacks on login page are highly destructive – based on SSL to evade detection; exploits the limited resources of the login servers.
Figure 1: attacks on login page are highly destructive – based on SSL to evade detection; exploits the limited resources of the login servers.

Attackers Bypass CDN Protection

The Content Delivery market is expanding. While Content Delivery Network (CDN) solutions are being widely adopted by content providers (e.g. media companies, content aggregators, etc.), other verticals have started to use CDNs as a content-caching mechanism to provide a better user experience. Hackers overcome the powerful cache offloading mechanism, which is the core of CDN solutions, by asking for dynamic content. Using this method, attackers build attack tools that go below CDN radar and manage to saturate the application servers (in the data-center).

Figure 2: attackers bypass CDN protection  by asking for dynamic content.
Figure 2: attackers bypass CDN protection by asking for dynamic content.

Source: Global Application and Network Security Report 2013, Radware.

Change is headed your way whether you’re prepared or not and DoS/DDoS attacks are the weapon of choice.  These attacks are regularly increasing in severity and complexity, so if you’re looking for more insight to help detect, mitigate and win this battle, I invite you to please download the 2013 Global Application and Network Security Report.  It’s a great resource to learn how attackers are bypassing new mitigation tools and also offers information on what features you should look for in DoS/DDoS protection.

Like this article? Receive similar articles by subscribing to our blog today!

Ron Meyran

Ron Meyran leads the marketing activities, partner strategy and Go-to-Market plans for Radware’s alliance and application partners. He also works to develop joint solutions that add value proposition and help drive sales initiatives – designed to increase visibility and lead generation. Mr. Meyran is a security and SDN industry expert who represents Radware at various industry events and training sessions. His thought leadership and opinion pieces have been widely published in leading IT & security industry magazines and he holds a B.Sc. degree in Electrical Engineering from Ben-Gurion University and a MBA from Tel Aviv University.

Contact Radware Sales

Our experts will answer your questions, assess your needs, and help you understand which products are best for your business.

Already a Customer?

We’re ready to help, whether you need support, additional services, or answers to your questions about our products and solutions.

Get Answers Now from KnowledgeBase
Get Free Online Product Training
Engage with Radware Technical Support
Join the Radware Customer Program


An Online Encyclopedia Of Cyberattack and Cybersecurity Terms

What is WAF?
What is DDoS?
Bot Detection
ARP Spoofing

Get Social

Connect with experts and join the conversation about Radware technologies.

Security Research Center