Influential national security blog Lawfare has been the target of a distributed denial-of-service attack since Wednesday, with attackers amplifying their efforts as security measures are used to stop the traffic barrage.
The DDoS attack knocked the site offline intermittently for a few hours on Wednesday, Executive Editor Susan Hennessey estimated, but the malicious traffic stubbornly persisted through Thursday.
The attack “increased substantially in response to preliminary defense measures,” Hennessey told CyberScoop in an email Thursday. The website appears to have stabilized, she said, despite the continuous pinging of Lawfare’s site.
“Previous attacks have taken us offline for longer periods, but we now have more sophisticated defenses in place so size doesn’t necessarily correlate to impact,” said Hennessey, a former attorney in the National Security Agency’s Office of General Counsel.
“While large, the attack hasn’t been especially sophisticated in morphing, so our current measures of just blocking the traffic seem to be working,” she added later on Thursday.
Hennessey said Lawfare, which publishes articles on national security law, uses a DDoS mitigation tool from San Francisco-based security company Cloudflare. Data from Cloudflare indicate that the primary attack originated in Seychelles and a secondary attack originated in Romania, according to Hennessey. As she pointed out, that does not mean the culprits are physically located in those countries; location-spoofing and hijacking computers in disparate locations are tactics often employed by those who launch DDoS attacks.
“While we have insight into the technical attack, we don’t know who is responsible or what their motivation might be,” Hennessey said, adding: “We wish they’d knock it off.”
While defenses have matured, DDoS attacks are still a cheap and popular tool of cyber criminals. The emergence in recent years of DDoS-for-hire services selling access to botnets has only accentuated this trend.
Andrew Shoemaker, founder of the testing company NimbusDDOS, said his customers “have reported an uptick in DDoS attacks in the last six months across a wide swath of industries.”
Shoemaker told CyberScoop that it is difficult to pin down the cause of that uptick, but offered one possible explanation. “It may simply be that a new tool exists in the black-hat community that is making it easier to form botnets and launch attacks,” he said.