- Published: 25 June 2012
- Written by NStinchcombe
AlienVault says Korean DDoS attack investigation results highlight the complexity of the latest DDoS attack methodologies
Commenting on reports that an investigation into a series of DDoS attacks against South Korea last October – which took down the National Election Commission's Web site during the Seoul elections – has proven inconclusive, AlienVault says that the saga reveals the highly complex attack vectors now being used by cybercriminals when launching a denial-of-service attack against a Web site.
According to Jaime Blasco – a researcher with the Unified Security Management solutions provider and creator of the de facto open source SIEM, OSSIM – it doesn't take a genius to work out that the hackers behind the attacks were almost certainly supported by North Korea and/or China.
"South Korea has always been quick to criticise these two countries for their alleged Internet attacks, and the countries concerned have been quick to refute that they have been the source of such attacks," he said.
"It's actually not that important to us here in the West who was responsible for the DDoS attacks, but what is worrying for me and all of us in the security industry is that the South Korean government – and remember that this country is one of the most connected on the planet – was unable to conclusively prove who carried out the attacks," he added.
The AlienVault researcher went on to say that this appears to be a basic DDoS attack carried out by a botnet. The botnet controller can be easily hidden, which makes it possible for the attacker to obfuscate and generally conceal their location and identity.
Corporates can learn from this saga, he says, as it teaches us that the only truly effective defence against a carefully planned denial-of-service attack is to use a cloud-based – and therefore itself distributed – DDoS protection system.
“As we've seen over the last 12 months, hackers, cybercriminals, and political hacktivists increasingly rely on DDoS attacks because they are inexpensive to execute and difficult to stop,” he explained.
Blasco adds that AlienVault's researchers know that underground chat rooms now advertise DDoS attack services with prices starting from a few tens of dollars, making it relatively easy for less technically aware – but malevolent – users to disrupt and even disable a victim's Web site.
Current DDoS attacks, he explained, have become more sophisticated – and cybercriminals can now launch highly advanced attacks that evade firewall detection by exploiting application vulnerabilities.
To protect against DDoS attacks, Blasco argues that organisations need a security technology that protects against all types of DDoS attacks and can also scale to manage massive bursts of traffic.
“Knowledge is everything here, so understanding the attack vectors being used in a given situation can help IT professionals develop a better understanding of which security technologies are required – in this case a cloud-based defensive system – to better defend the IT resources,” he said.
"Of course, it's also possible to host a Web site wholly in the cloud, but it should be remembered that the cloud data storage has to be physically located somewhere, so even a cloud-based Web site – which adds other security issues to the technology mix – is still vulnerable to a DDoS attack," he added.
For more on AlienVault: http://www.allienvault.com
For more on the Korean DDoS attack investigation: http://bit.ly/KYNdoR