Skip to main content

The evolution of DDoS attacks in 2015

As with most other cyber threats, the world of DDoS attacks seldom stands still, with new techniques constantly evolving to make them more effective and harder to defeat.

Security strategist Andrew Lemke, writing on the IBM Security Intelligence blog, has taken a look at some of the most significant DDoS developments of the past year.

April saw a major attack on the GitHub code sharing site. The attack originated in China and used a technique that unwittingly recruited users of Baidu - the world's fourth largest website - by injecting script into their browser sessions. This gave the hackers a large population of web users to boost their attack.

A similar amplification technique involves the use of BitTorrent to engage in distributed reflective denial-of-service (DRDoS) attacks. This has a number of advantages for the attackers, it's anonymous, plus it can be initiated by a single computer but still generate a large amount of traffic coming from multiple sources on the BitTorrent network. It also amplifies the original packet very well. The researchers who discovered the attack method state that the amplification factor can be as much as 120.

A potential form of attack that isn't yet in the wild is "temporal lensing" which sends packets by different routes but times them to arrive simultaneously in order to overwhelm the target system.

You can read more, along with tips for defending against DDoS attacks on the Security Intelligence blog.

Photo Credit: Fabio Berti/Shutterstock