lolloj - Fotolia
What is a long-tail DoS threat, and how does it target web apps?
Fine-grained application monitoring can defend against a long-tail DoS threat. This new kind of vulnerability manipulates service queues within a web application.
Denial-of-service, or DoS, attacks continue to set public- and private-sector organizations on edge. The largest recorded attack -- 1.7 TB of traffic -- hit a U.S.-based carrier in March 2018. With attackers driven by a combination of ideological and financial motives, enterprises across all verticals need to maintain a high level of awareness of trends and evolving attack profiles.
Recently, a long-tail DoS threat has started entering the conversation. Unlike distributed denial-of-service attacks, a long-tail DoS threat involves a light-volume breach that takes advantage of resource limitations across systems supporting multi-tiered applications. Instead of overwhelming a single server with a flood of traffic coming from multiple nodes, the long-tail DoS threat manipulates the service queues within a web application to interrupt processes and derail service.
How do DoS attacks target web apps?
Multi-tiered web applications are comprised of multiple process layers. The end user's request is initially received, typically via a web server that then queries back-end services. These services are often microservices that construct the requested content and send that data back to the user through the interface.
These multilayered applications rely on multiple systems and subsystems, each of which is potentially vulnerable to malicious traffic that can overwhelm its resources and disrupt service. While long-tail attacks are atypical of most DoS incidents today -- where the trend is to larger-bandwidth distributed attacks -- they can also be exceptionally hard to spot. Thus, some long-tail attacks could go undetected.
Application monitoring can be an important first defense against these and other application-layer attacks. Fine-grained application monitoring to look for anomalous bursts in metrics like CPU utilization and query traffic can be an early indicator of trouble.
With that said, attackers trying to use this model face a significant barrier to success. For a long-tail DoS threat to disrupt operations, the attacker needs to have a good understanding of the interrelationships between systems on which an e-commerce or other web application runs. This means knowing which systems to target and how much traffic is needed to generate bottlenecks that could stall application processes.
However, as hackers have proven time and again, motivated cyberattackers can outwit some of the most difficult challenges. So, while a long-tail DoS threat may not be high on your security list, enterprises need to understand the potential for that to change.
