What comes to mind when the term “Denial of Service” is mentioned? Probably website outage.
This image has been crafted over the last couple of years with media, analysts and bloggers all talking about Denial of Service attacks, but mostly when the result of the DoS attack caused a site outage. Our latest report, the Radware Global Application and Network Security Report addresses this and other misconceptions about DDoS.
According to the report, most Denial of Service attacks, 60% of them, result with degradation of the service level and slowness of the application or external web site. Only 27% result in a complete outage.
Service level degradation is the quiet enemy of web operators and information security groups. As opposed to the noisy nature of service outages and the media attention associated with it, attacks that result in service level degradation generally go below the public radar. In some cases even below the radar of the IT department. However, this website/web application slowness does not go unnoticed by your site users and customers. According to a Walmart internal study from 2012, for every 100 milliseconds of degradation in their service, revenues declined by about 1%. This means that the quiet enemy of service level degradation can easily become your website’s quiet killer.
The Radware Global Application and Network Security Report also defines a new set of attacks that have gained popularity over last year. In the report, we group them together as “Web Stealth” attack vectors and we predict the use of these attack types to increase in 2014.
Web Stealth attacks are a set of DoS/DDoS attacks that are characterized by one (or more) of these attack vectors:
- Having Dynamic IP addresses (sometimes even behind CDNs)
- High distributed attacks
- Attacks with the ability to pass Challenge/Response
- Attacks that use low-traffic volume but saturate servers’ resources
One of the most common Web Stealth attack vectors is the Login Page attack. With a DDoS oriented Login Page attack, the attacker is not interested in gaining access to the site, nor stealing user credentials, but rather they create fake login transactions in hopes of saturating the service.
Another trend examined in this report edition is that of using DDoS as a protesting tool in geo-political scenarios. We’ve seen this trend in all 3 years that our annual report has been published and this 2013 report is not any different. From Operation Ababil to the nuclear crisis in North and South Korea and extending until the present day riots in Ukraine, hackers have managed to create attacks that cause outages or major slowdowns to a victim’s site.