“2013 had some big splashy headlines about large DDoS attacks that were going to break the Internet. However in 2014, the focus will shift from large volumetric DDoS attacks to more advanced attacks that can emulate real visitors by using ‘headless browsers’ that are effectively real web browsers without all the graphical elements. Detection is very difficult for the average ddos mitigation device because the attacks will mimic real browsing sessions; for example, it will appear to be navigating the web page and clicking on links. The headless browser can also process Javascript, cookies and even Captcha; and therefore it is very hard for typical DDoS protection ‘box’ technology to pick up on.
These headless browsers are changing the ways in which businesses need to be thinking about protecting their websites. Not everyone, of course- just the ones that rely heavily on their websites to do business; for example, e-commerce websites. Conventional mitigation techniques like firewalls and big iron anti-DDoS platforms will be of no use against these attacks because once they are in, it is too late, so enterprises will need to keep this trend in mind and consider partnering with fast, reflexive service providers who can keep up with the level of sophistication being seen in the ongoing evolution of DDoS.
However, all is not lost: they can be spotted and stopped. Because it’s a botnet that will have written rules in the script, it will operate in a consistent way (similar to searchbot behaviour); as opposed to human behaviour that is much more erratic. This means that it can be spotted by a trained security team who can identify the pattern and intervene by writing their own rules on the fly to combat it. Obviously, not every business has the internal staff to perform this task in-house, but luckily there are options out there that offer this high level of DDoS protection.”
Jag Bains, CTO of DOSarrest Internet Security
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.