Researchers with Akamai Technologies have witnessed a significant uptick in Simple Network Management Protocol (SNMP) reflection attacks since April 11.
SNMP is typically used in devices such as printers, routers and firewalls that can be found both in the home and enterprise environments. According to Akamai’s Prolexic Security Engineering and Response Team (PLXsert), it is the devices that support SNMP v2 are most often used in the attacks.
“Until approximately three years ago, SNMP devices were manufacturing using SNMP v2 and were commonly delivered with the SNMP protocol openly accessible to the public by default,” according to the company’s advisory. “Devices using SNMP v3 are more secure. To stop these older devices from participating in attacks, network administrators need to check for the presence of this protocol and turn off public access.”
Since April 11, the researchers have observed 14 distributed denial-of-service (DDoS) campaigns that have made use of SNMP amplified reflection attacks. The attacks targeted a number of different industries, including gaming, hosting companies and non-profits. The main source countries have been the United States and China.
“The use of specific types of protocol reflection attacks such as SNMP surge from time to time,” said Stuart Scholly, senior vice president and general manager for the Security Business Unit at Akamai, in a statement. “Newly available SNMP reflection tools have fueled these attacks.”
According to Akamai, attackers appear to be using the tools to automate GetBulk requests. Through the use of GetBulk requests against SNMP v2, attackers can cause a large number of networked devices to send their stored data all at once to a target and overwhelm its resources. This kind of DDoS attack, called a distributed reflection and amplification (DrDoS) attack, allows attackers to use a relatively small amount of their own resources to create a massive amount of malicious traffic, according to the company.
“Network administrators are encouraged to search for and secure SNMP v.2 devices,” added Scholly. “The Internet community has been active in blacklisting the devices involved in recent DDoS attacks, but we also need network administrators to take the remediation steps described in the threat advisory. Network administrators can help prevent more devices from being found and used by malicious actors.”
The advisory can be downloaded here.
Marketing professional with a background in journalism and a focus on IT security.
More from Brian Prince
- U.S. Healthcare Companies Hardest Hit by ‘Stegoloader’ Malware
- CryptoWall Ransomware Cost Victims More Than $18 Million Since April 2014: FBI
- New Adobe Flash Player Flaw Shares Similarities With Previous Vulnerability: Trend Micro
- Visibility Challenges Industrial Control System Security: Survey
- Adobe Flash Player Zero-Day Exploited in Attack Campaign
- Researchers Demonstrate Stealing Encryption Keys Via Radio
- Researchers Uncover Critical RubyGems Vulnerabilities
- NSA, GCHQ Linked to Efforts to Compromise Antivirus Vendors: Report
Latest News
- Bankrupt IronNet Shuts Down Operations
- AWS Using MadPot Decoy System to Disrupt APTs, Botnets
- Generative AI Startup Nexusflow Raises $10.6 Million
- In Other News: RSA Encryption Attack, Meta AI Privacy, ShinyHunters Hacker Guilty Plea
- Researchers Extract Sounds From Still Images on Smartphone Cameras
- National Security Agency is Starting an Artificial Intelligence Security Center
- CISA Warns of Old JBoss RichFaces Vulnerability Being Exploited in Attacks
- Hackers Set Sights on Apache NiFi Flaw That Exposes Many Organizations to Attacks
