Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Network Security

DDoS Attacks Less Frequent But Pack More Punch: Report

There were seven times more distributed denial (DDoS) attacks larger than 300 Gbps (gigabit per second) observed during the first six months of 2018 compared to the first half of 2017, NETSCOUT Arbor reveals.

There were seven times more distributed denial (DDoS) attacks larger than 300 Gbps (gigabit per second) observed during the first six months of 2018 compared to the first half of 2017, NETSCOUT Arbor reveals.

According to the security company’s latest threat intelligence report, the number of large DDoS attacks jumped from 7 to 47 year-over-year in the first half of 2018, and the average DDoS attack size grow 174% during that period. The overall frequency of attacks, however, went down 13%.

The overall assault size was driven by novel techniques and has seen an increase of 37% since memcached appeared (memcached amplification fueled a 1.7 Tbps attack earlier this year). Between March and June 2018, the number of vulnerable (and accessible) memcached servers dropped from 17,000 to 550.

Although it has been used for reflection/amplification for years, Simple Service Discovery Protocol (SSDP) has received increased attention this year, when it was used to deliver traffic from ephemeral source ports. There are around 33,000 SSDP reflectors that could be abused in attacks, the report reveals (PDF).

The rise of Internet of Things (IoT) devices, most of which lack proper protection, use default credentials and are plagued with both known and unknown software vulnerabilities, is expected to continue to fuel a growth in IoT botnets such as Mirai, which has spawned numerous variants over the past two years.

Attack targets have diversified, with verticals such as finance, gaming, and e-commerce being most likely to be targeted. Telecommunications providers observed the largest number of incidents, and data hosting services were also targeted.

“Today, any organization, for any real or perceived offense or affiliation, can become a target of a DDoS attack,” NETSCOUT Arbor says.

In addition to DDoS attacks, cybercrime and nation-state espionage attacks represent other types of threats posing high risks to organizations and consumers alike.

Advertisement. Scroll to continue reading.

“Over the past 18 months, internet worms, supply chain attacks, and customer premises equipment (CPE)/IoT compromises have opened up internetscale threat activity. Nation-state APT groups continue to develop globally, used as another means of state-craft and often targeting governments and institutions of geo-strategic relevance,” the report reads.

Targeting newly discovered vulnerabilities in Office, the Iran-based threat actor OilRig has been highly active over the past year. Russian-linked cyber-group Fancy Bear wasn’t dormant either, with the most noteworthy attack recently attributed to it being the VPNFilter malware campaign.

Hidden Cobra, the North Korean threat actor also known as the Lazarus Group, has been observed targeting crypto-currency exchanges, as well as Central and South American banks. Operating out of Vietnam, Ocean Lotus has been actively targeting government and finance sectors over the past year.

The crimeware sector too remains robust and NETSCOUT Arbor expects it to spread beyond its traditional attack methods. There’s an increase in the use of auto-propagation methods, which have already fueled massive malware distribution campaigns such as last year’s WannaCry and NotPetya.

“The hunger for exploitation of new vectors will also continue, as we have seen in the immense DDoS attack impact created by Memcached earlier this year,” NETSCOUT Arbor says.

The security firm also expects an increase in SSDP abuse for internal intrusion, as well as growth in the “use of legitimate software programs by espionage groups and the addition of secondary tactics such as adding crypto-currency mining by crimeware actors.”

Related: Largest Ever 1.3Tbps DDoS Attack Includes Embedded Ransom Demands

Related: FBI Attribution of ‘VPNFilter’ Attack Raises Questions

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join SecurityWeek and Hitachi Vantara for this this webinar to gain valuable insights and actionable steps to enhance your organization's data security and resilience.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Jared Bartel has been named CISO at Idaho State University.

Automated phishing protection and scam prevention company Bolster has appointed Rod Schultz as CEO.

Bugcrowd has appointed Trey Ford as CISO for the Americas.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.