
Multiple Sources Responsible For DDoS Attacks

Prolexic Technologies : 15 October, 2012  (Technical Article)
Prolexic explains why the company believes that the recent run of Distributed Denial of Service attacks is the responsibility of multiple attack sources.

Prolexic Technologies believes the recent spate of DDoS attacks should not be attributed to just one group/individual or toolkit, as has been widely assumed.

The bot toolkit discovered to be responsible for the majority of these attacks is a PHP-based suite known as itsoknoproblembro; the infected hosts are known as brobots. However, post-attack forensic analysis of a number of infected hosts conducted by the Prolexic Security Engineering & Response Team (PLXsert) points to multiple malicious actors participating in the crippling DDoS attacks using individualized toolkits and tactics. The PLXsert team found:

* Techniques of exploitation and defacements varied. In some instances hosts were taken over and defaced. In others, files were dropped and scans were set up to identify additional targets. This leads PLXsert to believe that the initial infections were performed by multiple groups (or multiple individuals).

* Forensics showed that different toolkits were used to maintain or gain access to infected hosts.

* A blend of attack scripts and different techniques during each observed campaign points to the possibility of multiple, well-organized groups.

* PLXsert was able to gain visibility into some machines and was able to prove persistence of infection going back to May 2012. The difficulty of cleanup is directly related to the number of different toolkits used and the high number of back doors installed. This supports PLXsert’s hypothesis that multiple groups/individuals used different tactics.

“A blend of attack scripts and different techniques used in each campaign is another pointer to the likelihood that multiple, well-organized groups or individuals were behind these attacks,” said Stuart Scholly, president at Prolexic. “As we approach the critical online holiday shopping period, there is no doubt that attackers have armed themselves with advanced toolkits capable of generating amplified and sophisticated DDoS floods.”

Prolexic will issue its Q3 2012 Global DDoS Attack Report in mid-October. The report will include a detailed case study on the itsoknoproblembro toolkit as well as data from the recent high-profile DDoS attacks.

   © 2012 ProSecurityZone.com