Lately the headlines have been all about the massive DDoS attacks. The record-breaking, Twitter-downing, internet-angering behemoths powered by unwieldy Internet of Things botnets. Given the kind of destruction these attacks are capable of, the media attention is not unwarranted. The problem is that bigger attacks are garnering all the attention from online security measures as well, and the short and low-volume attacks that have been steadily gaining steam are all too happy to fly under the radar. What they lack in size they make up for in very bad intentions.
A Steady Increase in Small Attacks
Security firm Imperva Incapsula, a specialist in protection against DDoS attacks, noted high numbers of short-burst, low-volume attacks in all four quarters of 2016. By the final quarter of the year, 89 percent of attacks mitigated by the firm lasted less than one hour and 78 percent lasted less than 30 minutes. This trend carried over into the first quarter of 2017 and intensified, with over 90 percent of attacks dealt with by Incapsula lasting less than 30 minutes.
A recent report indicates that even small attacks are starting to scale down, with over 70 percent lasting less than ten minutes, and nearly 80 percent weighing in at under 1 Gbps. These attacks are so small they could even have security professionals shrugging – attacks of that size aren’t even significant enough to be detected by many security measures.
Two Big, Bad Reasons
A DDoS attack is a distributed denial of service attack, which is one that traditionally aims to keep users from accessing a website or online service by overwhelming that site or service with malicious traffic and knocking it offline. However, that doesn’t seem to be the goal of the attackers behind these pint-sized strikes. There are two main reasons attackers might be using these small, non-denial-of-service DDoS assaults: one causes immediate pain, and the other is designed to lay the groundwork for future damage.
While attacks smaller than 1 Gbps and lasting fewer than 10 minutes aren’t big enough to cause the kind of user-disrupting damage DDoS attacks usually do, in many cases they’re just the right size to take an intrusion prevention system or firewall offline. This gives attackers the opportunity to infiltrate a network and commit some truly dirty deeds including the installation of malware or data theft, all without raising a single red flag.
The increase in quick hit attacks may also be a harbinger of horrible things to come, with security experts positing that these attacks are being used to check for network vulnerabilities or test out new DDoS attack techniques without being detected. If these attacks are indeed a test phase, the internet at large should be seeing the results rolled out at an industrial scale in the next few quarters.
Tiny Attack Takeaways
There are important security lessons to be learned here, and it’s best they be learned before these attacks accomplish everything they intend to.
- DDoS detection thresholds need to be lowered to sound the alarm at suspicious traffic that never tops 1 Gbps, even if an attack of that size could not affect a website’s online status.
- Whether one of these small attacks is succeeding or not, security needs to be taking a careful look around at everything else that’s happening on the network. Ensuring accessibility for users is highly important, but so is protecting their data, so don’t let these red herring attacks do exactly what they’re trying to do.
- There’s a reason managed DDoS services are becoming such a necessity for websites and businesses of all sizes. DDoS attacks are constantly shifting and evolving to evade security measures and do an ever-increasing amount of damage. Let’s face it, when the security of far too many websites is inadequately prepared to deal with these small attacks, the massive bandwidth-gobbling attacks will make their return, and it will be triumphant.
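An added example, not from the original article: a Python detector for the first two takeaways, which flags short bursts relative to a rolling baseline instead of a fixed 1 Gbps alarm and attaches security-device events seen during or shortly after each burst. The traffic samples, event strings, 3x factor and window sizes are constructed assumptions.

```python
from statistics import median

ABSOLUTE_ALARM_MBPS = 1000  # fixed alarm that only fires at 1 Gbps and above
BASELINE_FACTOR = 3.0       # assumption: alert at 3x the rolling median
WINDOW = 10                 # assumption: minutes of normal history per baseline

def find_bursts(samples, factor=BASELINE_FACTOR, window=WINDOW):
    """Return (start, end, peak_mbps) for runs of minutes above factor x baseline."""
    bursts, history, current = [], [], None
    for minute, mbps in samples:
        # No baseline (and so no detection) until `window` normal minutes exist.
        baseline = median(history[-window:]) if len(history) >= window else None
        if baseline is not None and mbps > factor * baseline:
            if current is None:
                current = [minute, minute, mbps]
            else:
                current[1], current[2] = minute, max(current[2], mbps)
        else:
            if current:
                bursts.append(tuple(current))
                current = None
            history.append(mbps)  # only normal minutes feed the baseline
    if current:
        bursts.append(tuple(current))
    return bursts

def correlate(bursts, device_events, slack=5):
    """Attach device events seen during a burst or up to `slack` minutes after it."""
    return [
        {"start": s, "end": e, "peak_mbps": p,
         "missed_by_absolute": p < ABSOLUTE_ALARM_MBPS,
         "events": [ev for t, ev in device_events if s <= t <= e + slack]}
        for s, e, p in bursts
    ]

# Constructed sample data: per-minute inbound Mbps with a 7-minute, 640 Mbps burst.
TRAFFIC = [(m, 120 + (m % 3) * 5) for m in range(40)]
for m in range(20, 27):
    TRAFFIC[m] = (m, 640)
DEVICE_EVENTS = [(23, "ips: inspection offline"), (35, "fw: config saved")]

if __name__ == "__main__":
    for alert in correlate(find_bursts(TRAFFIC), DEVICE_EVENTS):
        print(alert)
```

The burst never approaches 1 Gbps, so the fixed alarm stays silent, while the baseline-relative check reports it together with the IPS event that falls inside its window.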