Back in the dark days of dial-up connectivity, attackers wouldn’t bother compromising home computers as bots to be used in distributed denial-of-service. The lack of bandwidth made PCs persona non grata in the DDoS world. Instead, attackers targeted Web servers, the only machines with the high-speed broadband connections to make DDoS viable. Read More ..
In the years since, broadband has literally come home and personal machines have been compromised by the millions for everything from spam to flood attacks against websites and online services.
Yet in 2012, attackers went back to the future, opting again to use Web servers in the year’s most high-profile DDoS attacks against almost every major U.S. financial institution. The results were crippling 70 Gbps attacks against online banking services hosted by Bank of America, PNC, Wells Fargo and a number of others that dwarfed run-of-the-mill DDoS attacks by seven times the attack volume.
“The used compromised servers sitting in a data center with high-powered bandwidth,” said Gary Stockrider, solutions architect with Arbor Networks. “They were generating large, high packet-per-second attacks using a small number of hosts. Rather than seeing tens of thousands of hosts, we’re seeing hundreds.”