The Schwartz Report

Blog archive

Spamhaus Suffers Biggest DDoS Attack of All Time

This week's attack on the Spamhaus Project was the worst known distributed denial of service (DDoS) attack raising the bar on the brute force weapons at the disposal of cyber assailants.

Spamhaus is often attacked by those who take issue with the fact that it blacklists spammers. But this week's DDoS attack started at 10 gigabits per second and peaked at an unprecedented 300 Gbps, The New York Times reported. "It is the largest DDoS ever witnessed," said with Dan Holden, director of Arbor Network's Security Engineering and Response Team, noting that the unknown attackers were well aware that Spamhaus already had sophisticated cyber defenses.

"It's unique because of the amount of power they've been able to harness," added Dean Darwin, senior vice president for security at F5 Networks. Despite the new level of magnitude, Darwin warned it may just be the tip of the iceberg. "It's the kind of attack we're going to see a lot more of," said Darwin, saying the Spamhaus attack is the latest data point showing the need for CIOs and CSOs to step up their game by providing application-level security to their systems.

"The attacks we've seen in the past are very network centric," he said. "Now we're seeing the sophistication of the attack profiles as being very application centric." In effect, Darwin said unless firewalls, intrusion prevention systems, threat management gateways and malware remediation programs, among other tools, can work intelligently together, victims of DDoS and other attacks will remain vulnerable.

Despite its magnitude, Spamhaus is just the latest of an onslaught of cyber-attacks that have gripped companies of all sizes in recent months, especially some of the nation's largest banks. While DDoS attacks are nothing new, most have lasted a few days or at most a week, Holden said. "To go for months is unprecedented."

Experts also pointed out this week that the largest telecommunications and Internet service providers (ISPs) need to make their networks more intelligent so as to know that a flood of millions of packets targeted at DNS at once from organizations is the result of botnets rather than legitimate traffic.

There is a best practice recommended by the Internet Engineering Task Force published in 2000 called BCP38. David Gibson, vice president of strategy at Varonis, a provider of data governance solutions, pointed out in a blog post that most providers have implemented these best practices except for 20 percent. The problem is 80 percent isn't good enough, he noted.

"Just like on the road, where a few (or many) distracted or careless drivers can cause harm to countless others, a group of sloppily configured routers can allow attackers to disrupt critical infrastructure that we've come to depend on," Gibson noted. "We can't turn off DNS. Though it's theoretically possible to make everyone use TCP instead of UDP for DNS queries (which would make these queries much more difficult to spoof), so many people would be adversely affected during the transition that this might make things worse than just living with the DDoS attacks."

Has the onslaught of attacks caused you to change how you defend your company's systems? Drop me a line at [email protected].



Posted by Jeffrey Schwartz on 03/29/2013 at 1:15 PM


comments powered by Disqus

Subscribe on YouTube