Slashdot Mirror


Groups War Over Resources For DDoS Attacks (csoonline.com)

An anonymous reader quotes CSO: As more groups get into the denial-of-service attack business they're starting to get in each other's way, according to a report released Thursday... There are only so many devices around that have the kind of vulnerabilities that make them potential targets for a botnet. That translates into a smaller average attack size, said Martin McKeay, senior security advocate at Cambridge, Mass.-based Akamai Technologies Inc. There are only so many devices around that have the kind of vulnerabilities that make them potential targets for a botnet. "And other people can come in and take over the device, and take those resources to feed their own botnet," he said. "I'm seeing that over and over."
The article reports a median size for DDoS attacks of 4 gigabits per second at the start of 2015 -- which dropped in the first quarter of 2017 down to 500 megabits per second.

23 comments

  1. Go Brickerbot! by Dutch+Gun · · Score: 4, Insightful

    I'm rooting for BrickerBot. Shut those vulnerable devices down permanently, and there's less for the rest of us to worry about.

    --
    Irony: Agile development has too much inertia to be abandoned now.
    1. Re: Go Brickerbot! by Anonymous Coward · · Score: 0

      Destroying the devices is the most just outcome. Companies that make trash devices with no security will only suffer if their customers turn around and hold them accountable. We should knock these things out of service and remove the distinction between half broken and fully broken products.

    2. Re:Go Brickerbot! by Anonymous Coward · · Score: 0

      We should shoot the people who get robbed. Then we won't have crime.

  2. Re:Go Gaysexbot! by Anonymous Coward · · Score: 0

    I'm all for gaysexbot! I just want gaysexbot to influence everyone just like the Russians influenced the US elections. If you just *TELL* people to do something like have gay sex or vote for TRUMP, that's all it takes to change their minds!

  3. Needs more stats by jon3k · · Score: 1

    Lower median could also mean that it's so easy that lots of unskilled botnet creators have entered the arena. You'll notice at the same time the largest DDoS attacks continue to grow year over year.

    1. Re:Needs more stats by mhkohne · · Score: 1

      Lower median could also mean that it's so easy that lots of unskilled botnet creators have entered the arena. You'll notice at the same time the largest DDoS attacks continue to grow year over year.

      I think that's exactly what it means, but this means that anyone who really is smart is going to have to go after other classes of device when trying to perform a DOS - because all the kiddies are fighting over the stuff that they used to use. They may still be able to do damage, but they'll have to work for it again, instead of just being able to re-use the stuff they had before.

      --
      A thousand pounds of wood moving at 300 feet per minute. Don't get in the way.
    2. Re:Needs more stats by Zocalo · · Score: 1

      Or the writers of the rootkits could try to secure the device they have just owned, something that has already been done by several rootkits and exploits in the past. It's actually very rare to see a genuine 0-day exploit being used to generate a botnet, they far more often tend to rely on exploits that have been released for a while and for which patches are often already available, as we just saw with WannaCry. There's basically a race between the vendors of the rootkits who will need to add a new exploit to their kits once the details go public, then get it deployed in the wild (or sold to those that do via the darknet) first, so they can maximise the yield. In that light, it's probably just a matter of time before we see more advanced defensive mechanisms built into the rootkits to try and prevent a competitor usurping control; things like closing down external admin ports, enabling and configuring any available host based firewalling, and selectively installing any outstanding OS patches that won't compromise the malware.

      --
      UNIX? They're not even circumcised! Savages!
    3. Re:Needs more stats by Anonymous Coward · · Score: 0

      If you do try and close down external admin ports, changing firewall settings and installing OS patches, that may just tip off the real admins that they've been rootkitted. Admins could simply run auditing scripts that check if any disk space, firewall settings, kernel patches or admin ports have changed.
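
The audit described in the comment above, sketched as an added example that is not part of the original thread. It reports drift in either direction, so a port that was quietly closed or a firewall rule that appeared without a change record is flagged just like a newly opened port. The snapshot schema, field names and sample values are constructed for illustration.

```python
"""Baseline drift audit over constructed host snapshots (hypothetical schema)."""

# Constructed sample data: what the admin recorded vs. what the host reports now.
BASELINE = {
    "listening_ports": [22, 23, 80],
    "firewall_rules": ["-A INPUT -p tcp --dport 22 -j ACCEPT"],
    "kernel": "4.4.0-77",
    "disk_used_mb": 1200,
}
CURRENT = {
    "listening_ports": [22, 80],
    "firewall_rules": ["-A INPUT -p tcp --dport 22 -j ACCEPT",
                       "-A INPUT -p tcp --dport 23 -j DROP"],
    "kernel": "4.4.0-78",
    "disk_used_mb": 1214,
}

def diff_snapshots(baseline, current, disk_tolerance_mb=50):
    """Return (kind, detail) findings for every difference, in either direction."""
    findings = []
    old_ports, new_ports = set(baseline["listening_ports"]), set(current["listening_ports"])
    findings += [("port_opened", p) for p in sorted(new_ports - old_ports)]
    findings += [("port_closed", p) for p in sorted(old_ports - new_ports)]
    old_rules, new_rules = baseline["firewall_rules"], current["firewall_rules"]
    findings += [("rule_added", r) for r in new_rules if r not in old_rules]
    findings += [("rule_removed", r) for r in old_rules if r not in new_rules]
    if old_rules != new_rules and set(old_rules) == set(new_rules):
        findings.append(("rules_reordered", None))  # rule order changes filtering
    if baseline["kernel"] != current["kernel"]:
        findings.append(("kernel_changed", (baseline["kernel"], current["kernel"])))
    delta = current["disk_used_mb"] - baseline["disk_used_mb"]
    if abs(delta) > disk_tolerance_mb:
        findings.append(("disk_usage_changed", delta))
    return findings

def unexplained(findings, approved):
    """Drop findings that match an approved change record; the rest need review."""
    return [f for f in findings if f not in approved]

if __name__ == "__main__":
    # In this constructed scenario only the kernel update went through change control.
    approved = {("kernel_changed", ("4.4.0-77", "4.4.0-78"))}
    for kind, detail in unexplained(diff_snapshots(BASELINE, CURRENT), approved):
        print(f"REVIEW {kind}: {detail}")
```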

    4. Re:Needs more stats by Zocalo · · Score: 1

      If the admins are that on the ball with their security then you'd kind of expect them to detect and deal with the infection anyway, assuming that they were even vulnerable in the first place, so at best the rootkit is going to buy its operator a little bit of time by doing the bare minimum necessary to set up the bot, but probably not all that much. The flipside would be that the almost certainly far more numerous potential targets that don't have a competent admin (including most home PCs) or are not all that responsive would be less likely to have a competing botnet muscle in, which is probably more beneficial to the botnet operator in the long run. Presumably there's a tipping point at which securing the host becomes preferable to keeping a low profile, and if the competition between botnets is as heated as TFA implies, then my guess would be that it was passed some time ago.

      --
      UNIX? They're not even circumcised! Savages!
    5. Re:Needs more stats by jon3k · · Score: 1

      I think it's just that we have an entirely new class of targets. We had botnets before Mirai and IoT botnets; those didn't go away. We've added more devices to the internet, and we didn't make any significant improvements to the security of existing devices.

  4. Re: Go Gaysexbot! by Anonymous Coward · · Score: 0

    The fuck kind of low grade unfunny troll is this?

  5. DDoS Map... by Anonymous Coward · · Score: 0
  6. Encourage! by Anonymous Coward · · Score: 0

    Do what you can to promote this, and perhaps these derps will start to snuff each other out. The Internet being left a better place as a result.

    1. Re:Encourage! by Anonymous Coward · · Score: 0

      lol sure, like promoting guns in 'murka is getting rid of criminals, and reducing guns deaths.

  7. Repeat yourself, you do by JustAnotherOldGuy · · Score: 1

    "As more groups get into the denial-of-service attack business they're starting to get in each other's way, according to a report released Thursday... There are only so many devices around that have the kind of vulnerabilities that make them potential targets for a botnet. That translates into a smaller average attack size, said Martin McKeay, senior security advocate at Cambridge, Mass.-based Akamai Technologies Inc. There are only so many devices around that have the kind of vulnerabilities that make them potential targets for a botnet."

    Editing, you should.

    --
    Just cruising through this digital world at 33 1/3 rpm...
  8. From the redundant redundancies dept. by BarbaraHudson · · Score: 3, Funny

    There are only so many devices around that have the kind of vulnerabilities that make them potential targets for a botnet. That translates into a smaller average attack size, said Martin McKeay, senior security advocate at Cambridge, Mass.-based Akamai Technologies Inc. There are only so many devices around that have the kind of vulnerabilities that make them potential targets for a botnet.

    First they came and duped stories. I didn't say anything because sometimes I missed the original story.

    Then they came and duped posts. I didn't say anything because they were easy to ignore.

    Next they came and duped sentences in stories to pad them out. I said something ...

    TThheeyy rreettaalliiaatteed bbyy bboott--dduuppinngg mmyy kkeeyybbooaarrdd,, tthhee bbaassttaarrddss.

    --
    "Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
    1. Re:From the redundant redundancies dept. by Anonymous Coward · · Score: 0

      Wow, the quality of the submissions on slashdot is droping like a stone.

    2. Re:From the redundant redundancies dept. by Anonymous Coward · · Score: 0

      plop

  9. Re: Go Gaysexbot! by Anonymous Coward · · Score: 0

    ^ Funnybot says AWKWARD! ^
     
    Captcha: soros-funded globalist AC shill parent!

  10. My only question is by Anonymous Coward · · Score: 0

    When will more cars and trucks be connected to the internet?

  11. Re: Go Gaysexbot! by Anonymous Coward · · Score: 0

    It's almost like the nerdier Trumpets are getting into machine learning, to shitpost for them.

  12. Re: Go Gaysexbot! by Anonymous Coward · · Score: 0

    Yeah, we have seen South Park. That episode was only funny because of how absurd it was.
    You, on the other hand, are just dumb.

  13. ohhh by Anonymous Coward · · Score: 0

    we should kill politicians and erase the laws then there is no crime!!!!