DDoS Attacks Less Frequent But Pack More Punch
According to the security company’s latest threat intelligence report, the number of large DDoS attacks jumped from 7 to 47 year-over-year in the first half of 2018, and the average DDoS attack size grow 174% during that period. The overall frequency of attacks, however, went down 13%.
The overall assault size was driven by novel techniques and has seen an increase of 37% since memcached appeared (memcached amplification fueled a 1.7 Tbps attack earlier this year). Between March and June 2018, the number of vulnerable (and accessible) memcached servers dropped from 17,000 to 550.
Denial of service hacking
Although it has been used for reflection/amplification for years, Simple Service Discovery Protocol (SSDP) has received increased attention this year, when it was used to deliver traffic from ephemeral source ports. There are around 33,000 SSDP reflectors that could be abused in attacks, the report reveals (PDF).
The rise of Internet of Things (IoT) devices, most of which lack proper protection, use default credentials and are plagued with both known and unknown software vulnerabilities, is expected to continue to fuel a growth in IoT botnets such as Mirai, which has spawned numerous variants over the past two years.
Attack targets have diversified, with verticals such as finance, gaming, and e-commerce being most likely to be targeted. Telecommunications providers observed the largest number of incidents, and data hosting services were also targeted.
“Today, any organization, for any real or perceived offense or affiliation, can become a target of a DDoS attack,” NETSCOUT Arbor says.
In addition to DDoS attacks, cybercrime and nation-state espionage attacks represent other types of threats posing high risks to organizations and consumers alike.
“Over the past 18 months, internet worms, supply chain attacks, and customer premises equipment (CPE)/IoT compromises have opened up internetscale threat activity. Nation-state APT groups continue to develop globally, used as another means of state-craft and often targeting governments and institutions of geo-strategic relevance,” the report reads.
Targeting newly discovered vulnerabilities in Office, the Iran-based threat actor OilRig has been highly active over the past year. Russian-linked cyber-group Fancy Bear wasn’t dormant either, with the most noteworthy attack recently attributed to it being the VPNFilter malware campaign.
The overall assault size was driven by novel techniques and has seen an increase of 37% since memcached appeared (memcached amplification fueled a 1.7 Tbps attack earlier this year). Between March and June 2018, the number of vulnerable (and accessible) memcached servers dropped from 17,000 to 550.
Denial of service hacking
Although it has been used for reflection/amplification for years, Simple Service Discovery Protocol (SSDP) has received increased attention this year, when it was used to deliver traffic from ephemeral source ports. There are around 33,000 SSDP reflectors that could be abused in attacks, the report reveals (PDF).
The rise of Internet of Things (IoT) devices, most of which lack proper protection, use default credentials and are plagued with both known and unknown software vulnerabilities, is expected to continue to fuel a growth in IoT botnets such as Mirai, which has spawned numerous variants over the past two years.
Attack targets have diversified, with verticals such as finance, gaming, and e-commerce being most likely to be targeted. Telecommunications providers observed the largest number of incidents, and data hosting services were also targeted.
“Today, any organization, for any real or perceived offense or affiliation, can become a target of a DDoS attack,” NETSCOUT Arbor says.
In addition to DDoS attacks, cybercrime and nation-state espionage attacks represent other types of threats posing high risks to organizations and consumers alike.
“Over the past 18 months, internet worms, supply chain attacks, and customer premises equipment (CPE)/IoT compromises have opened up internetscale threat activity. Nation-state APT groups continue to develop globally, used as another means of state-craft and often targeting governments and institutions of geo-strategic relevance,” the report reads.
Targeting newly discovered vulnerabilities in Office, the Iran-based threat actor OilRig has been highly active over the past year. Russian-linked cyber-group Fancy Bear wasn’t dormant either, with the most noteworthy attack recently attributed to it being the VPNFilter malware campaign.
Comments
Post a Comment