Arbor Networks: Tools Now Automate DDoS Attacks

Automated toolkits are now making it possible for criminals to launch DDoS attacks without much technical knowledge

Attackers are increasingly using various tools to launch distributed denial of service attacks, according to Arbor Networks.

While some attack tools capable of launching DDoS attacks have been publicised recently, most organisations are not even aware of the broad range of tools that have been developed in the last few years and are readily available to attackers, according to Arbor Networks. Along with downloadable tools, there are commercial services that would launch attacks for a fee, said Curt Wilson, a research analyst with Arbor Networks’ Security and Engineering Response Team.

The tools included single-user flooding tools, small host and shell booters, Remote Access Trojans with flooding capabilities, simple and complex DDoS bots, and commercial DDoS services, said Wilson.

Flooding danger

Simple flooding tools such as a host booter have the capability to take down enterprise-class firewalls, Wilson said.

The explosion of these attack tools is a “game changer” for enterprise security because they now allow anyone with an Internet connection to launch a DDoS against any target, according to Arbor Networks. Many of the simple attack tools don’t require any sophisticated technical know-how beyond knowing how to type in the name of the target and hitting enter.

Some of the more complex tools can launch application layer attacks or target specific Apache vulnerabilities instead of just flooding the network with malicious packets.

Organisations that didn’t prepare for denial of service attacks in the past no longer have that luxury. Recent events have shown that online protesters can launch attacks to protest a company’s business practices or political philosophy.

About 35 percent of the respondents in Arbor’s WISR claimed a political or ideological reason motivated an attack on their networks, while 31 percent reported “nihilism” or vandalism.

“Increased situational awareness has become mandatory for all Internet-connected organisations,” according to the Arbor report.

Attack volumes increase

The analysis of attack tools accompanied Arbor’s seventh annual Worldwide Infrastructure Security Report, which the company released on 7 February. The study also found that attack volumes increased in 2011. The increase in the number of attacks could directly be linked to the fact that it is now easier than ever to launch attacks.

While DDoS attacks launched from professionally coded bots and commercial services are a bigger threat to enterprises, smaller projects from amateurs can still cause some damage, according to Wilson. These tools can also blend several types of threats, making them more attractive and financially lucrative to criminals.

While host booters are typically designed to flood a single user’s IP address and knock the player out of an online game, those tools often are also capable of other malicious activities such as stealing passwords, downloading and executing malware on the victim’s computer, and sniffing keystrokes, said Wilson.

There are many reasons for using these tools to launch DDoS attacks, ranging from revenge and extortion to protesting social or political policies and taking down a competitor. Arbor Networks has also observed thieves launching DDoS attacks to flood networks after stealing money using a banking Trojan in order to hide the theft, said Wilson.