The Terabit Era: Get Ready for Bigger DDoS Attacks

The Terabit Era: Get Ready for Bigger DDoS Attacks

Researchers have recently observed an alarming trend: attacks are multiplying in size, often far exceeding what many service providers consider a safe defensive capacity.

Security professionals have long concerned themselves with the growing volume and frequency of DDoS attacks. With thousands of attacks reportedly underway at any given time somewhere in the world, large institutions have had to steel their defenses against what is for many a daily event. In the NETSCOUT Threat Landscape Report, our researchers observed that the frequency of attacks actually declined between 2017 and 2018. However, any sense of relief this news might bring to beleaguered security teams is quickly offset by another alarming trend: attacks are multiplying in size, often far exceeding what many service providers consider a safe defensive capacity. DDoS has entered the terabit era.

According to NETSCOUT’s ATLAS Security Engineering and Response Team (ASERT), the maximum size of DDoS attacks increased 174% in the first half of 2018 over the same period in 2017. In fact, the largest attack ever witnessed, at 1.7 Tbps, struck a large North American service provider, in February 2018. Fortunately, with the well designed and distributed nature of the customer’s architecture, their incident response preparedness, combined with their multi-layered Arbor DDoS solution, they were able to successfully mitigate the attack with no downtime. Still, this attack underscores the new reality that defenses designed to counteract attacks in the 300 Gbps range are no longer adequate. Even an infrastructure with a 1 terabit defensive capacity is at risk.

The Rise of Memcached-based Attacks

This record-breaking attack is an example of the memcached-based attacks that have arisen over the last year, so identified because they exploit vulnerabilities in memory caching servers used to accelerate data access for websites. Memcached is free, open source software frequently deployed in cloud service infrastructures and enterprise networks with the effect of increasing bandwidth. The actors behind the February attack uncovered a design flaw in the memcached software package that enabled them to take advantage of large amounts of service-provider bandwidth to build and launch an attack of unprecedented scale.

Given the proliferation of open source software, which is often rushed to market and made freely available without adequate testing for vulnerabilities, it’s safe to assume that this attack won’t go down as a one-off. Security teams should expect to see similar exploitations. As attack tools grow more sophisticated and new attack vectors emerge, attackers are finding it easier and cheaper to launch larger, more effective attacks.

The Hybrid Solution

The trend toward larger attacks reinforces the case for a hybrid or layered defense posture that combines on-premise and cloud mitigation capabilities. Everyday attacks are still relatively small and can usually be detected and mitigated with an on-premise solution (virtual or appliance). However, now that attackers’ capabilities have crossed the terabit threshold, it’s essential to have a cloud-based component with the capacity to mitigate attacks of the largest scale. The advantage of a hybrid approach is that cloud-based defenses can essentially be held in reserve (as opposed to “always on”) and instantly activated when the on-premise component detects an attack of significant size.

DDoS hardware and software solutions are all the more effective when they are backed by a global threat intelligence capability. Armed with this data and the analysis from a talented research team, countermeasures against both known and emerging threats can be fed directly into the mitigation products.

One important lesson we’ve learned in our many years of analyzing the threat landscape: once a new type of DDoS attack appears, it never goes away. The terabit-sized genie is out of the bottle, and it’s not going back in. Be ready.

About the Author

Tom Bienkowski is the Director of DDoS Product Marketing at NETSCOUT.

Featured

  • DHS Releases Framework for Safe, Secure Deployment of AI in Critical Infrastructure

    The Department of Homeland Security (DHS) released a set of recommendations for the safe and secure development and deployment of Artificial Intelligence (AI) in critical infrastructure, the “Roles and Responsibilities Framework for Artificial Intelligence in Critical Infrastructure” Read Now

  • Making the Grade with Locks and Door Hardware

    Managing and maintaining locks and door hardware across a school district or university campus is a big responsibility. A building’s security needs to change over time as occupancy and use demands evolve, which can make it even more challenging. Knowing the basics of common door hardware, including locks, panic devices and door closers, can make a difference in daily operations and emergency situations. Read Now

  • Choosing the Right Solution

    Today, there is a strong shift from on-prem installations to cloud or hybrid-cloud deployments. As reported in the 2024 Genetec State of Physical Security report, 66% of end users said they will move to managing or storing more physical security in the cloud over the next two years. Read Now

  • New Report Reveals Top Security Risks for U.S. Retail Chains

    Interface Systems, a provider of security, actionable insights, and purpose-built networks for multi-location businesses, has released its 2024 State of Remote Video Monitoring in Retail Chains report. The detailed study analyzed over 2 million monitoring requests across 4,156 retail locations in the United States from September 2023 to August 2024. Read Now

Featured Cybersecurity

Webinars

New Products

  • Camden CM-221 Series Switches

    Camden CM-221 Series Switches

    Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings. 3

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure. 3

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles. 3