Are DDoS attacks becoming more sophisticated?

Blurring the lines: observations on DDoS and Bitcoin
DDoS appears to be taking on new guises

If you've taken the time to read the various security articles over the last few months, you'll quickly realise that the relatively nascent Bitcoin is well acquainted with DDoS.

Initially, DDoS was used to undermine and influence the Bitcoin currency, but now it is actually being used to steal Bitcoin funds worth millions of dollars.

Of course, the very nature of a "virtual currency" is going to be attractive to cyber criminals who see it as an easy target; after all, they only have to steal digital information from a computer.

At the end of the day, the attackers are winning with what is all too often considered a crude tool. It begs the question: Is DDoS still to be considered a blunt instrument? From what I have seen, the answer is a resounding no. Here's why:

Unconventional DDoS

DDoS is getting more sophisticated - DDoS in its simplest form attempts to bombard a server with so many requests that it can't handle the volume and therefore just shuts down, making a website inaccessible.

The conventional understanding of DDoS is that it is typically massive in terms of bandwidth, packets per second and connections, and the latest attacks on Bitstamp suggest there was indeed a high-volume aspect to the attack.

The more important aspect of this attack was how the attackers were able to masquerade the hash of a user transaction and essentially bombard the exchanges with it, in the hope that it would be processed before the actual legitimate sessions.

In effect, this was not your typical 'clog the pipe' DDoS strategy, which is usually touted in articles detailing a huge DDoS attack. The attackers had quite specific knowledge and did their homework when it came to how best to take advantage of DDoS tools and bring down the exchange.

Blurring the lines between DDoS and hacking

DDoS and hacking have traditionally been seen as two mutually exclusive security initiatives, each requiring its own set of mitigating strategies.

While we have seen the two used in tandem - where the DDoS is the 'feint' used to cover backend attempts for data theft - the Bitstamp situation stands apart from these experiences in that the DDoS was the actual tool used to carry out the theft.

The spoofing of a digital signature/hash to modify the blockchain record was within the payload of the actual DDoS attack. It's an alarming development considering that more and more 'conventional' companies are implementing public facing tools to carry out transactions, which could be hijacked in a similar manner as seen here.

There's no doubt that the stakes are high when it comes to Bitcoin: on the one hand, there could be a lot to gain as adoption and popularity rise; on the other, there is the regulatory uncertainty and likely insurance issues to consider.

When it comes to protecting yourself, realise that by accepting virtual currency you also become a target for Bitcoin miners, and make sure you have appropriate technology in place to protect yourself from DDoS attacks, whether that is a hardware solution that takes days to install and carries a higher up-front cost, or a provider offering DDoS protection services that can be up and running in as little as a few hours for a monthly cost.

  • Jag Bains is Chief Technology Officer for DOSarrest Internet Security, a DDoS protection company.