New concerns are arising with news of what appears to be the recent, perhaps largest cyber-attack ever – against SpamHaus.
The cyber attack is likely in response to SpamHaus blocking a Dutch Web hosting service, according to USA Today. The service was allegedly the source of large amounts of spam, the report said.
The big cyber attack also led to many concerns over the recent volume of Dedicated Denial of Service (DDoS) assaults. Netflix was among those sites affected by the Spamhaus-Cyberbunker incident.
Such DDoS attacks have led to security problems in large organizations as well.
In the recent incident, Spamhaus “alleges that Cyberbunker launched a series of … DDoS attacks in retaliation alongside criminal gangs from Eastern Europe, and said the scale of the assault was unprecedented,” IT Portal reported.
“The attack on Spamhaus, and their upstream security and Internet providers, is yet another example of how DDoS has become the de facto weapon of choice for cyber-activists, cyber-criminals, business competitors and others,” Marty Meyer, president of Corero Network Security, said in a recent statement carried by IT Portal. “Unfortunately, the shared infrastructure that is the Internet can be vulnerable to this type of attack on the DNS system… It illustrates the collateral damage that can be felt by individuals trying to access sites and businesses like Netflix for whom the web is the cornerstone of their business.”
“It also raises a worrying red flag that if an organisation like Cyberbunker could allegedly unleash this much damage, could a cyber-terrorist or state sponsored attacker use similar tactics to disrupt the communication and business channels of its enemies that rely on the Internet?” He added.
Governments in both the United States and United Kingdom have responded to the latest series of incidents and concerns. U.K. authorities formed a cyber-crime protection project involving the private and public sectors. Also, the U.S. Department of Homeland Security is focusing more on cyber threats, and the government could launch pre-emptive cyber strikes on foreign cyber attackers.
The efforts by the two governments also come as the DDoS attacks show how vulnerable enterprise infrastructure has become, IDC (News - Alert) (International Data Corporation) warned in a recent report.
DoS and DDoS attacks are increasing in frequency, especially on financial firms and other businesses.
“These attacks render servers and/or network resources unavailable by overwhelming them with traffic,” according to the report, carried by TMCnet. “The evolution from hacktivism to financial gain to disguising more targeted attacks is evidence of a re-emerging trend that exploits the weaknesses and vulnerabilities of some of the world's largest and most powerful organizations.”
"As these attacks surged in prevalence and sophistication, organizations were often caught unaware. Embedded capabilities were quickly overwhelmed and outages were readily apparent on the Web. This is driving the need for proactive solutions to protect customer's infrastructure from current and future attacks," said Christian A. Christiansen, vice president, Security Products & Services research at IDC. “As detailed in the IDC forecast, the worldwide market for DDoS prevention solutions (including products and services) will grow by a compound annual growth rate (CAGR) of 18.2 percent from 2012 through 2017 and reach $870 million.”
Volumetric-based attacks are reportedly the most popular attack. There’s also an increase in advanced hybrid attacks that include application layer and encrypted traffic. IDC says there will be an increase as well in the on-premises equipment market.
"With the number of high-profile attacks steadily increasing, the market for DDoS prevention solutions will surge," John Grady, research manager for IDC's Security Products program, predicted. "A defense-in-depth posture with a combination of on-premise equipment and cloud-based mitigation provides the best protection against advanced application and SSL-based attacks as well as large-scale volumetric attacks."