Just Enough Is Good Enough: The Profile of Multi-vector Attacks
During RSA Conference 2016, Neustar will preview some findings from our upcoming Security Operations Center (SOC) Report. The report chronicles attacks that the Neustar SOC team spotted and mitigated in 2015. As part of a three-part series covering different aspects of the SOC findings, this blog post profiles multi-vector attacks, a troubling trend on the rise.
Multi-vector attacks are strikes that utilize an array of technological weapons, stages, and strategies to combat a company’s defenses. Unlike a traditional DDoS attack, which has a single capability and usually relies on brute force to overwhelm its target, multi-vector attacks can be used to launch a series of coordinated assaults of different intensities and objectives.
Since multi-vector attacks often require more deployment time and effort than a standard DDoS attack, they’re increasingly being used by motivated and seasoned criminals who are too sophisticated to rely on a six-dollar stressor website that can be defended against.
Consider these stats from the SOC:
- 57 percent of multi-vector attacks involved reflection attacks
- 47 percent of multi-vector attacks occurred in Q4
- 43 percent of multi-vector attacks were less than 1 Gbps
The last figure, 43 percent of multi-vector attacks were less than 1 Gbps, underscores the significance of “low and slow” attacks that often serve as smokescreens. Because they often arrive in waves, low-volume multi-vector attacks can appear to be a minor annoyance. But in the big picture, they can do just enough to keep an IT team busy while setting the stage for the insertion of malware or exfiltration of important company information.
With every seeming “mistake” or “blocked attempt,” the criminals use their attacks to run reconnaissance on defenses, and adjust their tactics accordingly.
As Rodney Joffe, Neustar Senior Vice President and Fellow, has often said, “the bad guy knows that when it comes to breaching a system, just enough is good enough.” And with the proliferation of multi-vector attacks, the defensive bar must continue to be raised.