SecurityWeek

MIT Network Under Frequent DDoS Assault: Report

MIT Hit By More Than 35 DDoS Attacks So Far This Year

Since the beginning of the year, the MIT (Massachusetts Institute of Technology) network has been assaulted at least 35 times by distributed denial of service (DDoS) attacks, Akamai reveals.

According to a new report from the Akamai SIRT (Security Intelligence Response Team), these DDoS campaigns have been aimed at different targets within MIT, and roughly 43% of the attacks leveraged DDoS reflection and amplification methods. Attackers targeted multiple destination IPs within the MIT network during these incidents and used a combination of devices to launch the attacks, Akamai said.

Authored by Wilber Mejia, Akamai SIRT, the case study (PDF) reveals that 14 unique floods were used in these DDoS campaigns, namely ACK, CHARGEN, DNS, GET, ICMP, NTP, NETBIOS, RESERVE protocol, SNMP, SSDP, SYN, TCP anomaly, UDP, and UDP FRAGMENT floods. The devices used to launch these attacks were vulnerable to reflection abuse and spoofed IP sources.

The largest of the attacks peaked at 295 Gbps (gigabits per second) and consisted of only a UDP flood signature that researchers believe to be a variant of the STD/Kaiten malware. The attack topped 58.6 million packets per second and used a combination of UDP Flood, UDP Fragment, and DNS Flood attack vectors. Another large incident peaked at 89.35 Gbps using the same combination of attack vectors.

“These attack types have commonly been included in sites offering so-called booter or stressor services,” Mejia notes in the case study. UDP and DNS reflection attack vectors generated the most attack traffic in the investigated campaigns, the researcher reveals.

The report also mentions that the reflectors used in these attacks are not necessarily owned or acquired by the malicious actors, but that they are rather abused in these incidents. The reflectors used in the attacks against MIT were mainly located in China, but researchers observed a total of 18,825 unique sources of reflectors around the world during the MIT attacks.

The case study also reveals that Xor DDoS botnet attacks were persistent across these campaigns, but they did not produce the largest amount of malicious traffic against MIT. This type of attack is accessible to a much larger population of malicious actors, it seems.

“The fact is almost anyone with motivation and enough knowledge to determine the IP of their target can launch these attacks at low cost. A recent look at the pricing of popular sites offering DDoS ‘stresser’ services shows this can be performed for as little as 19.99/month,” Mejia explains.

During the first quarter of this year, Akamai observed a record number of DDoS attacks (19) larger than 100 Gbps, and revealed at the beginning of June that attackers had also started to leverage TFTP (Trivial File Transfer Protocol) for reflection and amplification. In June, Imperva researchers observed a 470 Gbps incident that leveraged no fewer than nine different payload (packet) types.
