The dark world of DDoS: your grandparents' DDoS is a thing of the past

Today's Distributed Denial of Service (DDoS) attacks bear little resemblance to the ones we saw in their infancy at the start of the millennium. They have become more sophisticated and cunning, and the consequences go far beyond server downtime.

In the early days of DDoS, volumetric attacks were the norm. Attackers driven by political or economic motives could control thousands of compromised "zombie" machines and aim them at a specific target in order to knock its servers offline. Such attacks are still common today, but more and more attackers are turning to a more complex form: the "dark" DDoS, also known as a smokescreen attack.

The purpose of launching the DDoS is to cover up the real attack: stealing data.

According to Nimbus DDoS, a consulting firm that specializes in researching and simulating DDoS attacks, in this model the attacker does not use denial of service to extort or retaliate against the target; rather, it is merely a means to an end. An attacker who launches such an attack can mislead the target organization's administrators and tie up valuable time and resources, so that they have no attention left for the other security incidents taking place inside the internal network.

It is an attack on people, not on infrastructure. The key is to keep the target organization's staff occupied for as long as possible, and this is one of the most effective ways to completely paralyze a security operations center, even one staffed by qualified personnel.

A dark DDoS attack is simply meant to strip away visibility into the target's network. Much of the time, a traffic spike causes the anomaly-detection tools on network devices to work poorly or fail entirely. These devices typically have a threshold beyond which they can no longer keep up, so the attack traffic escapes filtering and, by default, enters the target network.

Dark DDoS techniques

A dark DDoS attack is often a sign of a more complex crime. For engineers, such an attack distorts the target's judgement of other security incidents. If the attacker handles it well, it can even change the target's infrastructure: by forcing the target company's managers to deal with the traffic problem, it produces unintended side effects. In fact, in some cases network operators or security staff actually lower their security posture while coping with the traffic peak.

Unlike traditional attacks, a dark DDoS attacker does not try to bring the target down with a devastating flood of traffic, because taking the target offline would stop the attack from continuing. The characteristics of a dark DDoS attack are often quite different from the large-scale attacks on enterprises we usually see: for example, it is often below 1 Gbit/s, just enough to generate a large number of security events and effectively cover the intrusion.

Moreover, dark DDoS will change how DDoS works over time. Of course we still see attacks of hundreds of Gbit/s, but attacks are going to become smaller, more targeted and shorter in duration. Plenty of statistics show that DDoS attacks on the order of less than 1 Gbit/s are becoming more and more common, and that over 95% of attacks last only 30 minutes or less.

The danger is not the "denial of service"; it is the attack itself.

A dark DDoS leaves enough bandwidth for the more complex intrusion whose real purpose is data theft, while consuming defensive resources and distracting security staff so that the real attack stays hidden.

And because this kind of attack can evade the traffic-scrubbing techniques designed to handle large volumes of DDoS traffic, dark DDoS should be regarded as a serious threat.

What does a real dark DDoS attack look like?

Most intrusions begin by scanning the entire network to find a potential entry point. Scanning is easy to observe, so a smokescreen attack can be used to obscure that behaviour and make it hard to detect.

Attackers also use smokescreen attacks to hide their activity after they have entered the network, because they cannot know exactly what traces they will leave behind in the target environment. Bear in mind that exfiltrating a customer database or a large volume of information assets from the target network is easy to notice, so "smoke" to cover that behaviour is very helpful to them.

Even with the cover of "smoke", the attacker will still keep changing their techniques inside the target organization's network, constantly searching for the most effective approach in the current environment, which makes life much harder for the security staff defending the system.

A few years ago, researchers observed a dark DDoS attack used to divert system administrators' attention while, under the cover of the DDoS, money was stolen from compromised accounts using forged Automated Clearing House (ACH) transfers.

One of the best-known examples of a dark DDoS attack is the TalkTalk data breach last October. In that incident, the attacker flooded the company's website with traffic and, while staff were busy coping with it, entered the system and stole customer data. Similarly, this August, Europe's largest mobile phone retailer Carphone Warehouse was hit by a massive attack, after which the personal data of 2.4 million customers was leaked.

Remain vigilant

But a dark DDoS attack is not all-powerful; it can be detected.

First, you need to know your own network services and understand what normal traffic looks like. Some training can help operations staff recognize a small DDoS for what it is and treat it as a signal to monitor for suspicious activity.
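An added example (not from the original article) of the kind of check that training aims at: it baselines per-minute inbound traffic, flags bursts that fit the dark DDoS profile described above (under 1 Gbit/s, 30 minutes or less), and lists the internal events logged during each burst so that they are reviewed rather than ignored. The traffic series and event log are constructed sample data, and the "5x median" threshold is an assumed tuning parameter.

```python
from dataclasses import dataclass
from statistics import median

# Constructed sample: per-minute inbound traffic in Mbit/s over one hour.
# Minutes 20-34 carry a short burst of about 600 Mbit/s, well under
# 1 Gbit/s: the small, short, targeted profile of a dark DDoS.
TRAFFIC_MBPS = [40 + (i % 5) for i in range(60)]
for m in range(20, 35):
    TRAFFIC_MBPS[m] = 600

# Constructed internal events (minute, description) as a SOC might log them.
INTERNAL_EVENTS = [
    (5, "failed login burst on jump host"),
    (23, "port scan from internal workstation"),
    (31, "large outbound transfer from db01"),
    (50, "scheduled backup job"),
]

@dataclass
class Burst:
    start: int          # first minute above the threshold
    end: int            # last minute above the threshold (inclusive)
    peak_mbps: float

def find_bursts(traffic, factor=5.0):
    """Return contiguous runs where traffic exceeds factor x the median baseline."""
    threshold = median(traffic) * factor   # assumed tuning: 5x the median
    bursts, start = [], None
    for minute, mbps in enumerate(traffic):
        if mbps > threshold and start is None:
            start = minute
        elif mbps <= threshold and start is not None:
            bursts.append(Burst(start, minute - 1, max(traffic[start:minute])))
            start = None
    if start is not None:
        bursts.append(Burst(start, len(traffic) - 1, max(traffic[start:])))
    return bursts

def smokescreen_candidates(traffic, events, max_mbps=1000, max_minutes=30):
    """Flag small, short bursts and attach the internal events that fell inside them.

    A burst under 1 Gbit/s lasting 30 minutes or less is treated as a cue to
    review everything else that happened during it, not as the incident itself.
    """
    flagged = []
    for b in find_bursts(traffic):
        duration = b.end - b.start + 1
        if b.peak_mbps < max_mbps and duration <= max_minutes:
            masked = [e for e in events if b.start <= e[0] <= b.end]
            flagged.append((b, masked))
    return flagged
```

Events outside any burst (the failed logins at minute 5, the backup at minute 50) still go through normal triage; the point is that the two events during the burst are surfaced together with it instead of being lost in the noise.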

"Although financial institutions are the main targets of dark DDoS, finance is not the only industry targeted by such attacks."

DDoS attacks are on the rise, and simply taking down an enterprise's network is no longer the attackers' only goal. Such an attack is likely a sign of a more dangerous and destructive threat behind it. As the saying goes, the wind fills the tower before the mountain rain arrives.

