Large Scale DDoS Attack May Have Used New Tactics
A DDoS attack, or Dedicated Denial of Service, interrupts the service a website or network is able to offer, usually by overloading servers with communication requests. In basic terms, the attackers send so much fake traffic to a server that it can’t function normally. As Zeljka Zorz reports for Net-Security, one recent DDoS attack used previously unknown methods to take down more than 300 domains.
The target of the attack was Namecheap, a web hosting service and domain registrar. The fact that a hosting company was the target of an attack isn’t noteworthy. Namecheap has a platform spread across three continents and claims that their infrastructure protects them against nearly daily DDoS attacks. This most recent and successful attack was bigger and different than any previous attempts, however. After overwhelming DNS servers, performance became sluggish or completely unavailable for more than 300 of their hosted domains.
Namecheap estimates the attack to be over 100 gigabits per second, which refers to an extremely high data transfer speed. While other attacks have been observed at 300 or even 400 Gbps for a brief time, the DDoS attack against Namecheap is still considered one of the largest in history. It would have to be to overwhelm such a large scale operation.
Even for a company with a robust security infrastructure and planning in place, this attack knocked them offline for about three hours, which usually equates to thousands of dollars in lost revenue for the affected domains.
DDoS attacks have been growing more common recently and have also improved their tactics. Reflection attacks, which allow for the exploitation of vulnerable servers to multiply the scale of an attack, have grown in popularity and made DDoS attacks more successful.
Specific details of the Namecheap attack have not been released, but from the description, it seems that another new tactic has surfaced.
If a company like Namecheap is vulnerable to DDoS attacks, every company has reason to worry. For help improving your company’s security infrastructure, call Geek Rescue at 918-369-4335.
February 21st, 2014