Three new DDoS attack types expected to grow in 2016

Nov 30, 2015 15:21 GMT  ·  By

With thousands of security products and experts watching the underground for possible threats, IBM staff is providing some insights into new types of DDoS attacks that are to be expected during the next year.

While two of the attacks the IBM team has already focused on happened during the past year with stellar results, the team also presents a new DDoS attack concept, which has yet to be seen in the wild.

The BitTorrent network is an ideal breeding ground for DDoS bots

The first type of DDoS attack, one that had already happened during August this year, abuses BitTorrent clients.

As for its modus operandi, malicious actors abused various BitTorrent protocols to launch DRDoS (Distributed Reflective Denial of Service) attacks, some of which had amplification factors up to 120 times.

The BitTorrent team has patched that particular vulnerability in its protocols, but with a network spanning the globe with tens of millions of users, cyber-criminals are constantly scouring BitTorrent's technology for new ways to abuse it.

Using malicious JavaScript to trigger DDoS attacks

The second type of DDoS attack relies on a technique of hijacking one site's traffic to trigger unwanted activity on another. While IBM cites one attack, two of them happened in 2015 and will likely occur more often in 2016.

The first one took place back in April, when malicious actors used JavaScript to secretly load two GitHub pages whenever one person accessed a Baidu page.

The second DDoS attack of this type was a little bit more complex but used JavaScript code embedded in Imgur images, loaded on Reddit, to secretly load 500 or more 4chan images inside hidden iframes. This meant that, for every Reddit user, 500 4chan images were requested, which was more than enough to bring down any self-respectable Web server.

What are Temporal Lensing DDoS attacks?

The third type of DDoS attack expected in 2016 by IBM's experts is based on a research paper from May 2015, which described Temporal Lensing DDoS attacks.

These types of attacks have never been recorded until now, but they have all the advantages of a crippling DDoS attack.

The only conditions are for attackers to properly synchronize network packets to arrive at a target at the same time, along with the need to find protocols that support amplification factors so that they don't need to time and sync millions of packets per attack.

A visual representation of the attack was extracted and presented below from the Temporal Lensing and its Application in Pulsing Denial-of-Service Attacks research paper.

Temporal Lensing DDoS attacks explained
Temporal Lensing DDoS attacks explained

Photo Gallery (2 Images)

DDoS attacks to diversify in 2016
Temporal Lensing DDoS attacks explained
Open gallery