infoTECH Feature

July 22, 2015

Another Threat from Anonymizers: Shotgun DDoS Attacks and How to Protect Your Site

Today, with every page you visit online and everything you do there, your IP address is being traced and your movements are being tracked by government agencies and businesses alike, unless you’re using anonymizers: tools that make internet browsing anonymous and may help users avoid the feeling that somebody's watching them. However, like many things in life, anonymizers can be a two-edged sword; though they are an accommodating tool, they may expose users to more harm than benefit. After all, wherever there are limited boundaries to freedom, there is a higher likelihood of anarchy.

An anonymizer is what it sounds like: a program or service that protects your online identity by allowing you to conduct your internet activities through what’s called a proxy server. So instead of your activities and online movements being attributed to you, they’re attributed to the proxy server. If you’re thinking anonymizers aren’t always used for good reasons, like protecting the communications of people in countries that face extreme censorship, or helping online stalking victims, then congratulations, you understand human nature.

Not only have anonymizers been accused of making cybercriminal activity easier and even extorting their own users, but now an ever-increasing number of DDoS attacks are originating from them. For more on these shotgun DDoS attacks and what you need to know to protect your website, read on.

Shotgun DDoS attack basics

The popularity of using anonymizers for low-effort but high-impact DDoS attacks was uncovered by security firm Incapsula during its IP Reputation Project. While creating a database of IPs associated with malicious activity, which currently stands at more than 4.2 million IPs, Incapsula found a way to trace malicious activity coming from anonymizers.

These DDoS attacks have come to be called shotgun DDoS attacks, and in them, an attacker leverages a large number of open proxies in order to transform a DoS attack – a denial of service attack, from a single source – into a DDoS attack, a Distributed Denial of Service attack, from all of those open proxies. Picture a multitude of pellets being blasted from a single shotgun shell. This allows an attacker to hit one target from a multitude of directions.

According to Incapsula’s Ofer Gayer, a year ago anonymous proxies were the originating point of about 5 percent of DDoS attacks. That number has since jumped to 20 percent.

Why attackers love anonymizers

The first and most obvious reason is that anonymizers mask attackers’ IPs. That would probably be enough to convince attackers to utilize anonymizers for their evildoings, but there are more benefits where that came from.

The second reason attackers love anonymizers is that proxy servers allow them to launch a distributed denial of service attack from just one computer. Normally a number of infected machines, called a botnet, would be required.

Anonymizers also help attackers avoid what’s called geo-blacklisting, in which an organization’s security team simply blocks all traffic from a country it doesn’t otherwise get a lot of traffic from when the threat is found to be originating there. Proxy servers distribute attack traffic across multiple IPs as well as multiple locations, making this type of blocking impossible.

Anonymizers also help attackers bypass access control list (ACL) security solutions, which are effective against single-source DoS attacks but not against the multiple attack points of a DDoS attack. Rate-limiting security measures are also rendered ineffective by shotgun DDoS attacks, because the attack is spread over so many proxies that the individual payload delivered by each attack source is lower.
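The rate-limiting gap described above can be seen in a small detection sketch. This is an added example, not code from Incapsula or the original article: the thresholds, the proxy list and the log window are all constructed, and it contrasts a per-IP limiter with a per-target check that also weighs how much of the load arrives through listed proxies.

```python
from collections import Counter, defaultdict

# All thresholds are assumptions chosen for this constructed example.
PER_IP_LIMIT = 20        # requests per window allowed from one source
TARGET_LIMIT = 200       # requests per window one URL normally sees
PROXY_SHARE_ALERT = 0.5  # alert when this share of requests uses listed proxies

# Constructed reputation list: documentation-range addresses stand in for open proxies.
KNOWN_PROXIES = {f"203.0.113.{i}" for i in range(1, 101)}

def build_sample_window():
    """Constructed one-window log of (source_ip, path) pairs."""
    log = []
    # 100 proxies each send 5 requests to /login: 500 in total, only 5 per source.
    for ip in sorted(KNOWN_PROXIES):
        log += [(ip, "/login")] * 5
    # 30 ordinary visitors each fetch the home page twice.
    for i in range(1, 31):
        log += [(f"198.51.100.{i}", "/")] * 2
    return log

def per_ip_offenders(log):
    """Classic rate limiting: sources that exceed PER_IP_LIMIT in the window."""
    counts = Counter(ip for ip, _ in log)
    return {ip for ip, n in counts.items() if n > PER_IP_LIMIT}

def aggregate_alerts(log):
    """Per-target view: total load, distinct sources and share via listed proxies."""
    by_path = defaultdict(list)
    for ip, path in log:
        by_path[path].append(ip)
    alerts = {}
    for path, ips in by_path.items():
        share = sum(ip in KNOWN_PROXIES for ip in ips) / len(ips)
        if len(ips) > TARGET_LIMIT and share >= PROXY_SHARE_ALERT:
            alerts[path] = {"requests": len(ips), "sources": len(set(ips)),
                            "proxy_share": share}
    return alerts

if __name__ == "__main__":
    window = build_sample_window()
    print("per-IP offenders:", per_ip_offenders(window))   # nothing trips the limiter
    print("aggregate alerts:", aggregate_alerts(window))   # /login is flagged
```

No single source crosses the per-IP limit, yet the target receives 500 requests in the window; only the aggregate view, combined with IP reputation data, surfaces the pattern.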

The Tor network, back in the news

This is hardly the first time anonymizers have been caught in DDoS crossfire. Some Tor websites, such as ‘Middle Earth marketplace’ and ‘AlphaBay’, recently reported DDoS attacks carried out against them. Additionally, in December of last year, it was reported that the hacker group Lizard Squad was taking over many of the volunteer nodes on Tor, a widely-used anonymizer, in order to eavesdrop on users and open those users up to attacks or extortion attempts.

Tor has been the recipient of more bad press lately, as it has been found that almost 45 percent of all shotgun DDoS attacks originate from the Tor network.

What it all means for you and your website

If it feels like DDoS attacks are firing from every direction these days, it’s because they are. Attackers and hackers, botnets, governments, DDoS-for-hire services, business rivals, and who the heck ever on anonymizer networks: they’re all finding increasingly creative ways to launch DDoS attacks, and not only are these attacks becoming increasingly common, but they’re becoming more sophisticated and devastating all the time.

As frustrating as it may be to read this kind of thing, staying informed on developments in DDoS attacks is one-third of the battle. The other two-thirds of the battle are taking DDoS attacks as seriously as they need to be taken, and investing in the professional DDoS mitigation services that will protect your website and company from these attacks.

Jade is a seasoned freelance writer passionate about technology. Following the movements of the niche guides her writing and digital communications. Jade is a published author across a number of notable digital publications and has the ability to offer a unique insight through her research and on-going journalistic work.

Edited by Stefania Viscusi
