New modes of attack are making it cheaper to hire a botnet to deliver a distributed denial of service (DDoS) attack, says Darren Rennick, CEO of Prolexic.
Prolexic specialises in mitigating DDoS attacks, monitoring web traffic and compiling a "weather report" on DDoS attacks. Rennick says the new approach is to use botnets, each with tens of thousands of computers, to send tiny amounts of data to a target site.
"Each message is too small for protective software to suspect or detect, but the aggregate effect is to block or damage the website," he said.
"If an attacker inserts their malware into modestly busy websites of say 100,000 visitors a day, each visitor could receive the malware, and a DDoS attack with millions of connections could be launched very easily," he said.
Censorship and industrial sabotage are replacing extortion as the main aim of distributed denial of service (DDoS) attacks, Rennick added.
He cited Estonia, which in May was hit by massive attacks, some lasting 10 hours or longer and blocking scores of megabytes of bandwidth. Russia was widely suspected of being behind the attacks, but has denied involvement.
Another was the recent attack against the Daily Telegraph, which tends to take a right-wing stance on political issues.
While these attacks might be politically motivated, industrial sabotage is becoming more common, Rennick said. Last year, online gambling sites sometimes faced blackmail demands from DDoS managers, but online retailers now face attacks from competitors, the aim being to shut down or damage the reputation of the competitor's website.
Comment on this article: firstname.lastname@example.org