DDOS attacks are leveraging the cloud
- By William Jackson
- Jul 28, 2014
The latest quarterly report on distributed denial of service attacks by Prolexic finds that this year’s DDOS attacks are packing more of a punch.
The attacks during Q2 2014 were shorter but used more bandwidth and delivered more packets than during the same period last year. This is due, at least in part, to the cloud. In addition to using reflection and amplification techniques, attackers also exploited vulnerable servers, more powerful than PCs, the report concludes.
“When building server-side botnets, attackers have been targeting platform-as-a-service and software-as-a-service vendors with server instances running software with known vulnerabilities,” the authors wrote. These include versions of Linux, Apache, MySQL, PHP stack and Microsoft Windows server operating systems. These exploits allowed attackers to not only leverage the power of the cloud, but to hide in it as well, using the vendors’ IP reputations to help ensure that packets get through to their targets.
Prolexic found that these cloud-based attacks were observed in “the most sophisticated and carefully orchestrated DDOS campaigns.” But because of their effectiveness, the analysts expect them to continue. “They pose a significant danger to businesses, governments and other organizations that could have an entire data center taken offline for the duration of the attack,” they wrote.
William Jackson is freelance writer and the author of the CyberEye blog.