A nation state is learning how to take the internet offline

Bruce Schneier: DDoS attacks are targeting companies that host the web

A nation state is learning how to take down the internet, according to IT security expert Bruce Schneier.

Hackers are launching major DDoS attacks on some of the companies that host the web's infrastructure, Schneier warned.

But the length and sophistication of these DDoS attacks are such that it is clear the hackers behind them are trying to learn the limit of the companies' defences.

Schneier said in a blog post: "One week, the attack would start at a particular level of attack and slowly ramp up before stopping. The next week, it would start at that higher point and continue. And so on, along those lines, as if the attacker were looking for the exact point of failure."


The point is not to crash these companies' systems immediately, he added, but to launch attacks across a variety of vectors that force the targets to reveal their entire defence capabilities. The hackers also hit them with probing attacks that manipulate internet addresses, to see how long it takes for their defences to kick in.

"Someone is extensively testing the core defensive capabilities of the companies that provide critical internet services," Schneier said.

While the hosting providers spoke with Schneier anonymously, he said their findings tally with network security firm Verisign's DDoS trends report, which found that attacks became more frequent, persistent and sophisticated in the spring of this year.

Schneier ruled out hacktivists, researchers and cybercriminals, saying the size and scale of the attacks point to a nation state actor, most likely China.

"On the other hand, it's possible to disguise the country of origin for these sorts of attacks," he added.
