Distributed Denial of Service attacks are on the rise. At best it might mean your website is unavailable for a couple of hours. At worst, the most malicious can cost companies thousands upon thousands of dollars. Ofer Gayer, a security researcher writing for TechCrunch tells the story of one such company.

DDoS-Attacks-Vulnerability-ScanningThey were contacted by a financial service provider who had been experiencing a peak in registrations to its site caused by a targeted spam attack. Fake registrations kept pouring into the site, most of which looked reasonable enough to be considered genuine at a first glance.

The problem is the financial services company was required to do a background check on every new registration before it could be passed to the sales team. The background check team was small and so completely inundated by this waterfall of incoming registrations – the bottleneck causing sales operations to cease.

The operator of this bot had obviously been someone who knew the company well enough to know the manual background check and identify it as a weak spot. The perpetrator had created a bot intelligent enough to repeatedly fill out this one specific form with details that didn’t match an obvious pattern yet be well-disguised as a regular human user. Not only in content but also in origin – displaying browser-like HTTP fingerprints and capabilities allowing them to circumvent the website’s challenge-based access controls.

Many types of bot are out there scanning for vulnerability in systems, and as soon as any vulnerability is published e.g., Shellshock or Heartbleed, then a deluge is inevitable as they go looking for unpatched versions of whatever is at fault. These bots are the “go-to too for hackers”. And they are becoming increasingly sophisticated in their methods. The increase in the use of TOR and other publicly available (and many of them free) anonymous proxies allow malicious users to perform application-layer DDoS attacks such as HTTP floods. As they evolve and become more stealthy it quickly becomes apparent that the defence needs to increase its efforts.

It is not enough anymore to simply recognise a bot – as they are becoming harder and harder to distinguish from genuine users – but why would a bot be there, trying to attack, in the first place. “Use of reputation and behavioural analysis can help examine the context of bot visits” and this will help to mitigate the lost revenue from such widespread and increasingly common assaults.

The security principles set forth in industry standard ISO/IEC 27002 provide a framework for effective security, built around the cycle of Plan, Do, Check, and Act (PDCA). Many good security products are on the market, but all are designed to meet specific threats – and will not block other threats. At GRT Corp. our security philosophy is built around these words by noted security expert Dr. Bruce Schneier: “Security is not a product, but a process.”

Comments are closed.