Experts have confirmed the Internet is in the midst of the biggest Distributed Denial of Service (DDoS) attacks in cyber history.
These recent cyber attacks affect key parts of the Internet’s infrastructure and have slowed Internet speeds in several European countries.
According to Mashable, the initial target was Spamhaus, a European anti-spam company that blacklists emails considered as spam by its filters and sells the lists to Internet service providers (ISPs).
In mid-March, large-scale but average DDoS attacks hit Spamhaus after it blacklisted controversial web hosting company Cyberbunker.
Unsurprisingly, the alleged perpetrator did not take responsibility for the assault against the anti-spam company.
A hacker carries out a typical DDoS attack by sending fake traffic at a server through thousands of computers to congest and overload its network.
DDoS attacks usually use malware-infected computers, which hackers silently control without the knowledge or consent of the owner.
Networks of these computers, dubbed “botnets,” are often built by infecting machines with malware through spam emails from hackers who want to gather large networks for DDoS and other functions.
Spamhaus sought help from security firm CloudFlare right after the massive DDoS attack against its servers.
Ever since Spamhaus contracted it, CloudFlare has continuously spread the attack traffic across multiple datacenters.
Through the security firm’s approach, websites targeted by DDoS can remain online even if the cyber attack consumes the maximum traffic possible.
CloudFlare CEO Matthew Prince said DDoS attacks are often limited in size to about 100 Gigabits per second (Gbps) because of router limitations.
However, the new Denial of Service attacks have turned into sophisticated, fierce attacks of up to 300 Gbps and are continuously expanding their list of targets.
With efforts to knock CloudFlare-protected Spamhaus offline failing, hackers switched their target to the network providers of CloudFlare.
Prince said the hackers targeted CloudFlare’s upstream, including the firm’s transit providers and their transit providers.
The new tactic exploited a known vulnerability in an important element of Internet infrastructure: the Domain Name System (DNS).
DNS is a hierarchical naming system for computers and services that converts the names of websites to their equivalent IP address, and helps to push content sought by a user from the Internet to the computer.
A key part of DNS is the resolvers, and 21.7 million of them are open, readily accessible to hackers and usable by them.
Prince wrote a technical explanation on the CloudFlare blog, where he said in part that the DDoS attack works with the hacker spoofing a target’s IP address.
The hacker sends a request to any open resolver, which sends back a large reply to the target, amplifying the attack, he added.
Hackers can easily rig DNS resolvers to magnify the effects of typical Denial of Service attacks from 100 Gbps to 300 Gbps because resolvers connect to large pipes with lots of bandwidth to a target.
Popular security firm Kaspersky Labs confirmed the attacks and called them one of the biggest DDoS operations in history.
Large DDoS attacks amplified by DNS manipulation can affect Internet speeds worldwide because DNS is part of the Internet’s infrastructure.
DNS servers handle multitudes of domain names, and a major hitch with them can cause massive negative effects for services directly or indirectly targeted by the DDoS attacks.
ISPs must use technologies capable of preventing hackers from spoofing a target’s IP address, and network admins must close open DNS resolvers on their network, Prince told Mashable.
He said all network admins must go to openresolverproject.org and type in the IP addresses of their network to determine the presence of an open DNS resolver on the network.
Cyber criminals can use open DNS resolvers to launch attacks on the Internet, so it’s necessary for admins to make sure they are not knowingly helping destroy the online world.
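As a local complement to the openresolverproject.org lookup Prince recommends, the following added example (not code from the article, Mashable or CloudFlare) shows how an admin can test whether a resolver they operate answers recursive queries for outside clients. All function names are hypothetical, and the sample replies, example.com and 192.0.2.1 are constructed for illustration.

```python
import socket
import struct

RD, RA, QR = 0x0100, 0x0080, 0x8000   # DNS header flag bits (RFC 1035)

def build_query(name, txid=0x1234):
    """Recursive (RD=1) A-record query for `name`."""
    header = struct.pack("!6H", txid, RD, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!2H", 1, 1)  # QTYPE=A, QCLASS=IN

def classify_response(query, response):
    """Return 'open', 'closed' or 'invalid' for a reply to `query`."""
    if len(response) < 12:
        return "invalid"
    txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", response[:12])
    if txid != struct.unpack("!H", query[:2])[0] or not flags & QR:
        return "invalid"
    rcode = flags & 0x000F
    # Open: the server offers recursion and actually resolved the name for us.
    if flags & RA and rcode == 0 and ancount > 0:
        return "open"
    return "closed"  # e.g. REFUSED (rcode 5) or RA not set

def check_resolver(ip, name="example.com", timeout=3.0):
    """Query a resolver you operate; run this from OUTSIDE its network."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((ip, 53))          # only accept replies from this peer
        s.send(query)
        try:
            response = s.recv(4096)
        except (socket.timeout, ConnectionRefusedError):
            return "no-response"
    return classify_response(query, response)

def constructed_reply(query, flags, ancount):
    """Constructed sample reply: header + echoed question + A records."""
    header = query[:2] + struct.pack("!5H", flags, 1, ancount, 0, 0)
    # Name pointer to offset 12, TYPE A, CLASS IN, TTL 60, RDLENGTH 4, 192.0.2.1
    answer = struct.pack("!3HIH4B", 0xC00C, 1, 1, 60, 4, 192, 0, 2, 1)
    return header + query[12:] + answer * ancount

if __name__ == "__main__":
    q = build_query("example.com")
    print(classify_response(q, constructed_reply(q, QR | RD | RA, 1)))  # open
    print(classify_response(q, constructed_reply(q, QR | RD | 5, 0)))   # closed
```

A result of "open" from a vantage point outside the network means the resolver should be restricted to its own clients; "closed" or "no-response" is the desired outcome.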
If there’s any consolation, the DDoS attacks have awakened the dormant online security industry from its seemingly lackluster actions on open DNS.
Prince warned that DDoS attacks amplified by DNS will be here to stay for a very long time.
The bright side of the attack was that it rang the alarm in the networking industry to continue previous works on closing open DNS resolvers, he added.
A good website that helps protect and repair servers from malware is sucuri.net.