DDoS Attacks Use Multiple Vectors

Tuesday, September 26, 2017 @ 04:09 PM gHale


Seventy-five percent of distributed denial of service (DDoS) attacks used multi-vector approaches in the second quarter of 2017, a new report found.

The Nexusguard report, which measured over 8,300 attacks, showed hackers continued to rely on volumetric attacks to overwhelm system resources.

User Datagram Protocol (UDP)-based attacks increased by 15 percent this quarter, targeting hijacked devices connected to the IoT and overtaking SYN, HTTP Flood and other popular volumetric attacks.

With the average attack at 4.63 Gbps in size, enterprises that do not have access to high-capacity DDoS mitigation would most likely suffer interruption from attacks, the report said.

IoT networks continued to be a target of DDoS attacks during Q2, including a new botnet, Persirai, which hit over 1,000 different models of IP cameras.

Nexusguard gathers the DDoS attack data through botnet scanning, honeypots, ISPs and traffic moving between attackers and their targets, yielding data that is unbiased by any single set of customers or industries.

Here are some of the key points made in the report:
• UDP-based (User Datagram Protocol) attacks accounted for 77.4%, representing a 15 percent increase over Q1.
• 23.68 percent of attacks targeted a single vector, while the rest (76.32 percent) were blended, multi-vector attacks.
• Over 64 percent of attacks lasted less than 90 minutes; only 2.3 percent lasted longer than 1,200 minutes (20 hours).
• 90 percent of attacks were smaller than 10 Gbps (that’s large enough to knock a firewall or IPS offline, or take down networks that don’t have high-capacity, anti-DDoS mitigation).
• About 34 percent of attacks originated from the People’s Republic of China (PRC), while 20.9 percent and 10.1 percent had IP sources, respectively, in the US and Switzerland.
• Within the Asia Pacific region (APAC), 75 percent of attacks originated from the PRC, 11 percent from Hong Kong, and 3.5 percent from Australian IP addresses.

“UDP attacks can frequently act as smokescreens over other malicious behavior, such as efforts to execute remote codes, malware, or compromise personally identifiable information,” said Juniman Kasman, CTO for Nexusguard. “Due to the speed with which UDP attacks can overwhelm DNS servers and hijack IoT devices, rapid detection and response is critical for overcoming these types of attacks. Organizations need to protect their DNS servers, and should consider using Anycast routing technology to avoid saturating individual attack targets.”
