Cisco Blogs

Déjà Vu

July 14, 2009 - 0 Comments

Leading Websites under Attack — Several major Web sites have reported attacks over the past few days that rendered their sites largely inaccessible.” — CNETA major wave of denial of service attacks against commercial and government organizations recently made headline news. This activity highlights how vulnerable networks can be to new attacks and how the modern cybercriminal is an increasingly sophisticated adversary. What’s interesting is that the above headline is from February 2000, when a major distributed denial of service (DDoS) attack took down Yahoo! in addition to other major websites. It was the most significant denial of service attack we had ever seen. Fast-forward nine and a half years to July 2009 when a recent New York Times headline reads “Cyberattacks Jam Government and Commercial Web Sites in U.S. and South Korea.”Déjà vu — yet again major denial of service attacks disrupt websites. Amazingly, these two major attacks are separated by almost 10 years. But in 2000, the attacks were the work of Mafiaboy, hardly an organized criminal, a 15 year old teenager out for a sort of cyberspace joy ride, launching the largest denial of service attack at that time. His plan put together a botnet (we used the term a lot less back then), instructing it to launch the attacks that overwhelmed Yahoo! and several other websites, creating a DDoS. It sounds very similar to the recent attacks of a botnet launching a distributed denial of service attack against major commercial and government websites. While Mafiaboy was identified, convicted for his shenanigans and released, and has since written a book, the details on the attacker(s) this time are not yet known. This time the attacker was able to build what is probably a more complex botnet to launch the attack, and the attack itself was more advanced, as it appears the compromised systems used in the attack are now self-destructing.We don’t yet know the source of these latest attacks, but it is not likely the work of a 15 year old amateur. Instead, the attacks are most likely the work of an increasingly sophisticated cybercriminal, with more focused intent than a teenage prank.Staying abreast of these cybercriminal trends is one of the key objectives of the Cisco Security Intelligence Operations. Their latest research findings are available in the Cisco 2009 Midyear Security Report, or you can view a video blog summary from Cisco Chief Security Researcher, Patrick Peterson. Check it out to learn more about the new cybercriminals who have replaced Mafiaboy.

In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.