Skip to main content

The evolution of DDoS attacks in 2015

As with most other cyber threats, the world of DDoS attacks seldom stands still, with new techniques constantly evolving to make them more effective and harder to defeat.

Security strategist Andrew Lemke, writing on the IBM Security Intelligence (opens in new tab) blog, has taken a look at some of the most significant DDoS developments of the past year.

April saw a major attack on the GitHub code sharing site (opens in new tab). The attack originated in China and used a technique that unwittingly recruited users of Baidu - the world's fourth largest website - by injecting script into their browser sessions. This gave the hackers a large population of web users to boost their attack.

A similar amplification technique involves the use of BitTorrent to engage in distributed reflective denial-of-service (DRDoS) attacks. This has a number of advantages for the attackers, it's anonymous, plus it can be initiated by a single computer but still generate a large amount of traffic coming from multiple sources on the BitTorrent network. It also amplifies the original packet very well. The researchers who discovered the attack (opens in new tab) method state that the amplification factor can be as much as 120.

A potential form of attack that isn't yet in the wild is "temporal lensing" (opens in new tab) which sends packets by different routes but times them to arrive simultaneously in order to overwhelm the target system.

You can read more, along with tips for defending against DDoS attacks on the Security Intelligence blog (opens in new tab).

Photo Credit: Fabio Berti (opens in new tab)/Shutterstock (opens in new tab)

Ian Barker worked in information technology before discovering that writing about computers was easier than fixing them. He has worked for a staff writer on a range of computer magazines including PC Extreme, was editor of PC Utilities, and has written for TechRadar, BetaNews, IT Pro Portal, and LatestGadgets.