Why the Internet of Things could lead to the next great wave of DDoS attacks

Businesses should ensure that they are still securely protected against DDoS attacks, despite the recent growth of other trends such as ransomware.

That’s the warning from Arbor Networks, which is urging organisations of all sizes to make sure they stay safe online as DDoS attacks are still rife around the world.

Speaking to ITProPortal at the recent InfoSecurity Europe 2017 event in London, Arbor CTO Darren Anstee reinforced the need for businesses to maintain their DDoS protection, despite it being hard to predict who might be hit next.

“DDoS is all about targeting the availability of those services that modern businesses rely on,” he noted.

In order to combat this growing threat, the company recently revealed an updated version of its APS on-premise, distributed DDoS detection and mitigation platform for enterprise customers.

The new release includes Arbor’s latest Cloud Signalling feature, which links the on-premise appliance with cloud-based mitigation in a hybrid model so that attacks beyond local capacity can be handed upstream, reducing the time to mitigation.

The Internet of Things is also set to provide a major new threat landscape for DDoS attacks, Arbor Networks believes, with past attacks such as the Mirai botnet’s assault on Dyn showing the potential for chaos.

“There are a lot of IoT DDoS attacks going on out there”, Anstee says, noting that most people only hear about these assaults when a big brand is affected.

Poor regulation of IoT products has not helped with the spread of potential attacks, with many consumers unaware that the items they are buying will pose some kind of security risk.

But Anstee says that commercial pressure could instead play a big role in changing the current landscape, as vendors respond to market demand faster than to regulation.

“If you want things to change quickly, you have to get people to get security implemented into their buying process,” he notes, adding that it is a “valid worry” that IoT attacks could scale to affect areas such as smart cities and infrastructure networks soon.

“We are going to see IoT devices being used for more nefarious purposes over the next few years…I don’t see the problem going away”.

As the recent WannaCry ransomware attack showed, however, businesses need to be protected against all kinds of threats.

Anstee noted that ransomware should remain a major concern for companies large and small, all of which are likely to be targeted.

“It’s a numbers game when it comes to ransomware,” he noted, “it is a very broad brush – if just one or two people pay, it makes it all worthwhile.”

In order to stay protected, there are several central steps that companies can take, Anstee added.

This includes network segmentation, which would allow infections such as WannaCry to be quickly and easily contained. “It’s not a sexy topic, but it needs to happen in many businesses,” he says. “We’ve all focused on agility, and flattening network infrastructure…but this is really important, as it can stop such attacks propagating within networks, if it’s done properly.”

But companies also need proper IT risk management processes; Anstee noted that some WannaCry infections could have been blocked quickly if the right processes had been in place and the various departments had communicated properly.

“You can’t really blame anyone for this,” he concludes, “it really is a lot about talking to each other.”

Source: http://www.itproportal.com/news/why-the-internet-of-things-could-lead-to-the-next-great-wave-of-ddos-attacks/

Final Fantasy 14 is experiencing DDoS attacks

Trouble logging in? It may be due to hackers

Final Fantasy 14’s servers have been under intense strain this past weekend. It now seems that these issues are the direct result of distributed denial-of-service attacks, Square Enix stated today.

The attacks have apparently been going on since June 16, the first day that the game’s second expansion, Stormblood, went live for early access. This past weekend, early adopters were met with congested servers that were filled to capacity. Some queues just to log in surpassed 6,000 users. In the game proper, overwhelmed servers have led to increased load times and made some quests impossible to complete.

Stormblood was officially released yesterday and, as of today, the flood of access requests attributed to the alleged attack is continuing.

Square Enix has stated that its technicians are doing all they can to defend against the attacks, but they are “continuing to take place by changing their methods at every moment.” The company also assured players that character data and private information associated with accounts have not been affected.

Source: https://www.polygon.com/2017/6/21/15845898/final-fantasy-14-stormblood-servers-ddos-attack

Microsoft Skype Hit By Alleged DDoS Attack, Causes Connectivity Challenges

Microsoft has confirmed an outage in its Skype offering, which caused connectivity issues earlier this week and is allegedly the result of a Distributed Denial of Service attack.

Skype users started complaining about connectivity issues on Monday, with hours of downtime. The issues continued into Tuesday, with users losing connectivity and having trouble exchanging messages on the communications platform. The outage appeared to primarily affect Europe.

It is not clear if the connectivity issues affected just the consumer Skype application, or also Skype for Business.

Microsoft confirmed the issues with the service in a Tweet and on its blog, saying Monday that they were “aware of an incident where users will either lose connectivity to the application or may be unable to send or receive messages. Some users will be unable to see a black bar that indicates them that a group call is ongoing, and longer delays in adding users to their buddy list.” On Tuesday Microsoft updated the blog post to say it was “seeing improvements” but some users still were having issues with the service and the company was “working on that.”

Microsoft further updated the blog on Tuesday, saying it had made “some configuration corrections and mitigated the impact.”

“We are continuing to monitor and we will post an update when the issue is fully resolved,” Microsoft said.

Microsoft did not confirm reports at the time that the outage was the result of a DDoS attack. A hacker group, called CyberTeam, claimed responsibility for the attack in a tweet, saying “Skype Down by Cyberteam.”

Michael Goldstein, president and CEO of LAN Infotech, a Fort Lauderdale, Fla.-based Microsoft partner, called the incident “pretty scary,” assuming reports of a DDoS attack were true. He said it is concerning for small and medium businesses if a company as large as Microsoft can be hit by such an attack.

“It is definitely showing how the bad guys, how the dark side, is still looking to push [against big companies],” Goldstein said.

Goldstein said his company views Skype for Business as a “critical product” for both its own business and for its clients. He said he hopes Microsoft is working to bolster its Skype for Business product, as well as its consumer Skype product, against further attacks.

The reports of a DDoS attack against Microsoft come just a few months after a massive DDoS attack on Dyn caused significant Internet outages on the US East Coast. The incident took down many popular websites, including Twitter and Netflix, as well as more than 1,200 other sites. That October attack came from devices infected by the Mirai botnet, malware that had been revealed earlier that month and that spreads by continuously scanning the Internet for IoT devices protected only by factory-default or hard-coded usernames and passwords.

Source: http://www.crn.com/news/security/300087511/microsoft-skype-hit-by-alleged-ddos-attack-causes-connectivity-challenges.htm

Risk Management Pros Say an IoT Security Incident Could Be Catastrophic

A recent survey by the Ponemon Institute and the Shared Assessments Program of 553 people with a role in risk management in their organizations found that 94 percent of those surveyed said a security incident related to unsecured IoT devices or applications could be catastrophic.

Still, just 44 percent of respondents said their organization has the ability to protect their network or enterprise systems from risky IoT devices, and only 25 percent said their boards require assurances that IoT risks are being appropriately assessed, managed and monitored.

Additionally, 77 percent of respondents said they don’t consider IoT-related risks in their third party due diligence, and 67 percent don’t evaluate IoT security and privacy practices before engaging in a business relationship.

Just 30 percent of respondents said managing third-party IoT risks is a priority in their organization.

“Ready or not, IoT third party risk is here,” Shared Assessments senior vice president Charlie Miller said in a statement. “Given the proliferation of connected devices, today’s cyber climate is evolving and organizations have to shift their focus to the security of external parties, now more than ever.”

“In order to avoid becoming the next big headline, our security tactics have to evolve along with the threats,” Miller added. “New technology and practices are needed to ensure security, and this starts by communicating the risks to the right people and acknowledging potential devastating outcomes when engaging with a third party. Avoiding these problems can no longer be the solution.”

Preventative Measures

In response, the report urges organizations to take the following key steps:

  1. Ensure inclusion of third-party and IoT risks occurs at all governance levels including the board.
  2. Update asset management processes and inventory systems to include IoT devices, and understand the security characteristics of all inventoried devices. When devices are found to have inadequate security controls, replace them.
  3. Continue to leverage and enhance contracts and policies and expand scope to include IoT specific requirements.
  4. Expand third-party assessment techniques and processes to ensure presence and effectiveness of controls specific to IoT devices.
  5. Develop specific sourcing and procurement requirements to ensure only IoT devices that are designed with security functions included and enabled are considered for product selection or acquisition.
  6. Devise new strategies, technologies and tactics directed specifically at reducing threats posed by IoT devices.
  7. Collaborate with industry experts, peers, associations and regulators to ensure IoT risk management best practices are devised, communicated and implemented.
  8. Include IoT in communication, awareness and training at all levels: board, executive, corporate, business unit and third-party.
  9. Recognize the increasing dependence on technology to support the business and the risk posed by this dependence.
  10. Embrace new technologies and innovations, but not at the expense of security, and ensure security controls are included as fundamental and core requirements.

Seventy-two percent of respondents said the pace of innovation in IoT and the varying standards for security make it hard to ensure the security of IoT devices and applications, and 65 percent said the drive for innovation in the IoT ecosystem requires new approaches to IT strategies and tactics.

Breaches and DDoS Attacks

Strikingly, 78 percent of respondents said a data breach involving an unsecured IoT device is likely to occur within the next two years, and 76 percent said the same of a DDoS attack involving an unsecured IoT device.

The concerns come as DDoS attacks become more and more frequent — according to Nexusguard’s Q1 2017 DDoS Threat Report, DDoS attack frequency surged by 380 percent in the first quarter of 2017, compared to the same time period the previous year.

The percentage of days with attacks larger than 10 Gbps rose significantly between January 2017 (48.39 percent) and March 2017 (64.29 percent).

Radware vice president of security Carl Herberger told eSecurity Planet by email that the rapid proliferation of unsecured IoT devices is driving the increase in DDoS attacks. “The Mirai attack made headlines last year, but it should not be considered a one-off,” he said. “Instead, this event was a predictor of what is to come.”

“Hackers are constantly developing new ways to leverage connected devices with little to no security protections to form larger and larger botnets that are able to execute dangerous and sizable DDoS attacks,” Herberger added. “We’ve seen various botnets appear over the last year, including Hajime, BrickerBot and Persirai, demonstrating that IoT devices have become a new battleground for hackers.”

“Until manufacturers, the government, and consumers take a hard look at IoT security, the threat of bigger, more frequent IoT-fueled DDoS attacks will only loom larger,” Herberger said.

Source: http://www.esecurityplanet.com/network-security/risk-management-pros-say-an-iot-security-incident-could-be-catastrophic.html

DDOS Attacks on the Rise

Distributed Denial of Service (DDoS) attacks leverage compromised devices to generate a flood of traffic, overwhelming online services and rendering them unresponsive. DDoS services are widely available on the internet, with research by Trend Micro finding that the small cost of US$150 can buy a DDoS attack for a week.  (It also brings organised crime into your life – but that’s a different point!)

The latest statistics from Cisco reveal that the number of DDoS attacks grew by 172% in 2016. Combined with an average attack size of 1.2Gbps, enough to take most organisations offline, that gives cyber security experts real cause for concern. DDoS attacks are hard to trace back to their perpetrators, because the majority of the devices used in them belong to innocent users.

Organisations must understand the risk and impact posed by DDoS attacks, and implement mitigation strategies that promote business continuity in the face of these attacks. Industry peers must share knowledge where appropriate, and keep government agencies adequately informed, to deter hackers from launching a DDoS attack.

Cisco expects that the number of DDoS attacks in the future will only get worse, with 3.1 million predicted attacks in 2021 globally.

Source: http://www.natlawreview.com/article/ddos-attacks-rise

4 School Districts in Florida Attacked By Moroccan Hackers

A group of hackers from Morocco allegedly tried to reach US voting systems, and breached four Florida school districts in the attempt.

According to reports, several hacking attempts were made on US voting systems, and the culprits were mostly believed to be Russian. It seems, however, that another group also wanted to try to interfere with the election.

MoRo, a hacking group from Morocco, breached the networks of four school districts, with the aim of working from there into sensitive government systems. United Data Technologies (UDT), the company that investigated the attacks, stated that the hackers got into these networks via phishing.

The Miami Herald reports that they infected the school networks by emailing malware disguised as images; unsuspecting staff clicked on the images, which was enough to infect their devices. A similar attack also targeted one Florida city’s network.

Once inside the school systems, the attackers disabled the logs that recorded who had accessed them, which made it very difficult to establish exactly what they did. UDT analysts were still able to determine that the hackers spent around three months in the systems, using the time to test defences and map the networks, and they even posted a photo of a man dressed as an ISIS fighter.

The only one of the four districts named is Miami-Dade, which is also the largest in Florida. It is believed that the attackers initially intended to steal the personal data of thousands of students, and then realised they could reach much more than that.

Besides personal information, the districts hold Social Security numbers for current and former students and their parents, as well as for all school employees. Still, the attackers appear to have failed to obtain any of this data despite three months of access, and analysts say they did not reach voting systems at all.

“They weren’t just looking for the names of kids and valuable Social Security numbers, UDT found. The hackers were also searching for some way to slip into other sensitive government systems, including state voting systems.”

This is being treated as an attempted intrusion only, and there were seven such attempts in all. Despite the ISIS-related picture being posted on the district’s website, Miami-Dade says there is no evidence of any access or malware in its computer systems.

It is believed that the first attack occurred in the fall. It was in November when the ISIS-inspired photo appeared, and it stayed up for 24 hours. That same photo appeared on another school district’s website a month later.

UDT says the schools were only an entry point to city and county systems, which in turn would serve as a route toward larger government systems. Michael Kaiser, executive director of the National Cyber Security Alliance, said it is not unusual for school district networks to be connected to larger ones.

It would therefore make sense for a hacking group to go for an easy target and work its way to the main one. According to UDT, the hackers even bragged about their achievements online, mentioning plans to get into voting systems and bring them down. The odd part is that this happened in December, a month after the election was over.

UDT contacted the FBI and the malware was reverse-engineered. There was no evidence of stolen data, but the FBI declined to comment on the incident. Whatever the point of the attacks, they raised awareness of the importance of security in school districts.

Source: https://www.hackread.com/florida-school-districts-hacked-by-moroccan-hackers/

Bigger & smaller – DDoS threats here to stay with conflicting trends

The noise created by distributed denial of service attacks is higher than ever – with vendors and attackers complicating the picture – but what do enterprises need to worry about?

Distributed Denial of Service (DDoS) attacks were one of the most talked about threats at InfoSecurity Europe 2017. One of the things vendors couldn’t agree on however, is the trend for their size and thus whether we should be defending against increasing numbers of small attacks or more frequent mega-attacks.

Corero Network Security, which met with SC during the conference, said in a press release that, “the greatest DDoS risk for organisations is the barrage of short, low volume attacks which mask more serious network intrusions”.

Research from the firm says that “despite several headline-dominating, high-volume DDoS attacks over the past year, the vast majority (98 percent) of the DDoS attack attempts against Corero customers during Q1 2017 were less than 10 Gbps per second in volume.”

It added: “they are just disruptive enough to knock a firewall or intrusion prevention system (IPS) offline so that the hackers can target, map and infiltrate a network to install malware and engage data exfiltration activity.”

Ashley Stephenson, CEO at Corero Network Security, explains: “Short DDoS attacks might seem harmless, in that they don’t cause extended periods of downtime. But IT teams who choose to ignore them are effectively leaving their doors wide open for malware or ransomware attacks, data theft or other more serious intrusions. Just like the mythological Trojan Horse, these attacks deceive security teams by masquerading as a harmless bystander – in this case, a flicker of internet outage – while hiding their more sinister motives.”

DDoS protection has traditionally been something that major enterprises were able to deploy by having their traffic run through a supplier network at huge cost. The alternative was to switch traffic over to their DDoS protection provider in the event of an attack – but this could cause a delay of about 20 minutes while the company under attack found who to call and explain what was happening, the whole time that the attack was escalating.

Instead, Laurent Gil, co-founder at Zenedge, explained to SC Media UK how his company’s approach to DDoS protection is different.

“We have an always-on monitoring system on the cloud so there is nothing to install for the customer, it’s the same SSL as an ‘always on’ solution, but always on in the cloud for monitoring and analysing of traffic patterns and when the early signs of an attack are spotted, we automatically re-route traffic to our scrubbing centre within 60 seconds – down from the 20 minutes it takes non-automated systems,” Gil told SC. He added that because traffic is only switched on demand, when there is an attack, it costs less than scrubbing all traffic all the time, and with a 60 second response it still mitigates the attack before it ramps up.

“It’s a tectonic shift in the market,” says Gil, adding, “We can onboard many more enterprises, without them spending millions of dollars, which is what’s needed for a mid-market enterprise. DDoS protection did not exist for these companies because they couldn’t afford it. It’s not that the traditional prime protection providers are losing revenues, but the market is much wider now than it was previously.”
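As an added illustration of the always-on, divert-on-demand pattern Gil describes (example code written for this page, not Zenedge’s or SC Media’s), the following Python models a smoothed packets-per-second baseline with a ratio threshold and a short confirmation window, and reports how many seconds after a flood begins the diversion decision would fire. The traffic series, the 4x ratio and the three-sample confirmation are constructed assumptions; the reroute to a scrubbing centre itself is outside the model.

```python
"""Always-on traffic baseline with an automatic diversion trigger (added example).

Models the "monitor continuously, divert on early signs" approach: an EWMA baseline of
packets per second, a ratio threshold, and a confirmation window so a single spike does
not flip traffic to the scrubbing centre. Sample rates below are constructed, not measured.
"""
from dataclasses import dataclass
from typing import Iterable, Optional


@dataclass
class DiversionTrigger:
    alpha: float = 0.1        # EWMA weight for new samples while learning the baseline
    ratio: float = 4.0        # a sample is anomalous if it exceeds ratio * baseline
    confirm: int = 3          # consecutive anomalous samples required before diverting
    baseline: Optional[float] = None
    streak: int = 0
    diverted: bool = False

    def observe(self, pps: float) -> bool:
        """Feed one per-second sample. Returns True on the sample that triggers diversion."""
        if self.baseline is None:
            self.baseline = pps           # first sample seeds the baseline
            return False
        if self.diverted:
            return False                  # already rerouted; nothing more to decide
        if pps > self.ratio * self.baseline:
            self.streak += 1              # attack traffic must not be learned into the baseline
        else:
            self.streak = 0
            self.baseline = (1 - self.alpha) * self.baseline + self.alpha * pps
        if self.streak >= self.confirm:
            self.diverted = True
            return True
        return False


def seconds_to_divert(samples: Iterable[float], **kwargs) -> Optional[int]:
    """Index (second) at which diversion fires, or None if the series never triggers it."""
    trigger = DiversionTrigger(**kwargs)
    for second, pps in enumerate(samples):
        if trigger.observe(pps):
            return second
    return None


# Constructed series: 60 s of ~10k pps with jitter, then a flood ramping up from second 60.
NORMAL = [10_000 + (i % 5) * 200 for i in range(60)]
ATTACK_STARTS_AT = len(NORMAL)
SAMPLE_PPS = NORMAL + [25_000, 60_000, 90_000, 150_000, 200_000, 200_000]

if __name__ == "__main__":
    t = seconds_to_divert(SAMPLE_PPS)
    print(f"flood starts at s={ATTACK_STARTS_AT}, diversion at s={t}, "
          f"detection latency {t - ATTACK_STARTS_AT}s")
    print("quiet series diverts at:", seconds_to_divert(NORMAL))
    print("single spike diverts at:", seconds_to_divert(NORMAL + [100_000] + NORMAL))
```

The confirmation window is the design trade-off: lowering it to one sample cuts latency by two seconds on this series but would divert on any single burst, and each diversion is a routing change that itself disrupts traffic. Freezing the baseline while samples are anomalous is what keeps a slow ramp from teaching the detector that the flood is normal.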

In contrast to Corero, veteran vendor Imperva hosted sessions, which could be misconstrued as ‘humble-brags’, named “how we stopped a 650Gbps DDoS attack over lunch”.

Imperva points out that the public release of the Mirai botnet’s source code has meant that the tactics, techniques and procedures (TTPs) of botnet criminals have taken a step up. And naturally, it is prepared to protect against this threat with one of its “behemoth” data centre appliances.

Imperva’s Robert Hamilton, director of product marketing, hosted the sessions and said “DDoS attacks aren’t going away anytime soon”.

Raj Samani, chief scientist of McAfee, told SC: “The number is completely subjective. When we saw the beginnings of DDoS as an extortion tactic it was brushed off since the throughput wasn’t significant enough to worry most enterprises, then all of a sudden the firepower increased to in excess of 50Gbps. Whilst this number for many organisations can be easily managed (as we saw with DDoS providers withstanding 620Gbps attacks), the reality is that the firepower of DDoS attacks is on the up. What is the magic number that will cause concern? Well, it will be whatever hasn’t been tested against!”

That may be the case, but then Akamai, another DDoS protection giant, says in its Q1 2017 State of the Internet report that “the mega attacks are outliers that represent the limits enterprises must be prepared to defend against. However, the overwhelming number of smaller attacks means that these mega attacks have little impact on the trend lines that define the median attack size, which is a better indicator of what an organisation is most likely to see.”

Akamai raises another important point: the rise in use of IoT devices which are compromised for malicious use – such as using an “internet-enabled toaster to mine bitcoins” – are likely to end up contributing to harsher DDoS attacks as these devices are eventually recruited into the mega-botnets which carry out such attacks.

A new report from Kaspersky Lab, also released after InfoSec, shows that when organisations are attacked by a DDoS, “customer-facing resources suffer more in banking, than in any other sector.”

“For example, 49 per cent of banks that have suffered a DDoS attack have had their public website affected (compared to 41 percent of non-financial institutions) and 48 percent have had their online banking affected when they’ve been targeted by DDoS.”

“Recovering from DDoS is also more expensive for banks than non-financial organisations. The report shows that a DDoS incident can cost a financial institution US$ 1,172,000 (£917,427) to recover from, compared to US$ 952,000 (£745,000) for businesses in other sectors.”

Kirill Ilganaev, head of Kaspersky DDoS Protection, Kaspersky Lab said in a press release, “In the banking sector reputation is everything, and security goes hand-in-hand with this. If a bank’s online services come under attack, it is very difficult for customers to trust that bank with their money, so it’s easy to see why an attack could be so crippling. If banks are to protect themselves effectively from the price tag of an online banking cybersecurity incident, they first need to become more prepared for the dangers DDoS attacks pose to their online banking services. This threat should be featuring higher on banks’ security priorities.”

Kaspersky Lab is encouraging financial institutions to share security intelligence to be better prepared for dealing with the threat of an attack on their online banking services.

Source: https://www.scmagazineuk.com/bigger-smaller–ddos-threats-here-to-stay-with-conflicting-trends/article/668725/

DDoS attacks continue to morph

According to Bryan Hamman, territory manager for sub-Saharan Africa at Arbor Networks, while reflection and amplification techniques have come to characterise a large number of complex, multi-vector DDoS attacks, the latest approach is to use reflection against the Connection-less Lightweight Directory Access Protocol (CLDAP).

Traditionally, large reflection or amplification attacks have abused services such as NTP, DNS, SNMP, SSDP, SQL RS or Chargen. “But this new trend has now been discovered ‘in the wild’, with the force to generate highly efficient and destructive results,” he says.

What is CLDAP?

CLDAP is the connectionless, UDP-based variant of LDAP, the protocol used to query X.500-style directory services (the connection-oriented LDAP is also used to modify them). It is typically exposed by Windows Active Directory domain controllers on UDP port 389, where it answers the “LDAP ping” that clients use to locate a domain controller.

By providing directory lookups and access control information, CLDAP lets a client locate printers on a network, find an employee’s phone number, or see which security groups a user belongs to, for instance.

The attacker sends very small CLDAP queries over UDP with the source address forged to be the victim’s. Because the protocol is connectionless, there is no handshake to expose the forgery, so the server sends its far larger response to the victim. Initial findings suggest that the response is in the region of 46 to 55 times the size of the request.

“This makes CLDAP attacks highly efficient. A well-orchestrated attack that exploits an organisation’s vulnerabilities could very quickly achieve massive total attack size, and bring down the digital systems of all but the largest and best-protected organisations.”

Primary targets

Reports from cloud giant Akamai show that in the largest attack observed using CLDAP reflection as the sole vector, a 52-byte request payload was amplified by as much as 70 times into a 3,662-byte response, producing a peak bandwidth of 24Gbps and 2 million packets per second.

CLDAP attacks have primarily targeted the software and technology industry. Other industries targeted include internet and telecom, media and entertainment, education, retail and consumer goods, and financial services.

Fighting back

To effectively resist this type of DDoS attack, organisations need to thoroughly address the potential threat at a network level, by covering a number of bases:

  • Prevent abuse: Ensure that you have anti-spoofing deployed at the edges of your networks.
  • Detect attacks: Leverage flow telemetry exported from all network edges to Arbor technology, to automatically detect, classify, traceback, and alert on DDoS attacks.
  • Ready mitigation techniques: Deploy network infrastructure-based reaction/mitigation techniques such as Source-Based Remotely-Triggered Blackholing (S/RTBH) and flowspec at all network edges.
  • Mitigate attacks: Deploy intelligent DDoS mitigation systems at strategic points within your network.
  • Minimise damage: Deploy Quality-of-Service (QoS) mechanisms at all network edges to police CLDAP traffic down to an appropriate level.
  • Remediate CLDAP services: Proactively scan for and remediate abusable CLDAP services on the ISP and customer networks to reduce the number of abusable CLDAP servers.

“Like many other reflection techniques, organisations must always have ingress filtering in place. Unless there is a real need for your firm to have CLDAP available over the internet, you shouldn’t expose this protocol,” concludes Hamman.
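The following Python is an added example written for this page (it is not Arbor’s, Akamai’s or Hamman’s code) that ties the technical points above together: it builds the 39-byte root-DSE CLDAP query that scanners send to UDP/389 to find servers that answer from the Internet (the “remediate CLDAP services” step), computes the bandwidth amplification factor from request and response sizes (Akamai’s 52-byte/3,662-byte case), and runs a simple reflection detector over NetFlow-style records of the kind exported from network edges (the “detect attacks” step). The flow records are constructed, and the bytes-per-packet and reflector-count thresholds are illustrative assumptions.

```python
"""CLDAP reflection: probe construction, amplification arithmetic and flow-based detection.

Added example, not from the article or from Arbor/Akamai. The BER layout follows the
LDAP SearchRequest message (RFC 4511), which CLDAP carries in a single UDP datagram.
Flow records and byte counts below are constructed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass


def ber(tag: int, payload: bytes) -> bytes:
    """Encode one BER TLV with a definite length (short form below 128, long form above)."""
    n = len(payload)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + payload


def cldap_rootdse_probe(message_id: int = 1) -> bytes:
    """The 39-byte root-DSE search that scanners send to UDP/389.

    A server that answers this from the public Internet is an abusable reflector:
    the request is tiny and the rootDSE reply carries the server's whole capability list.
    """
    search_request = (
        ber(0x04, b"")               # baseObject: "" (the root DSE)
        + ber(0x0A, b"\x00")         # scope: baseObject
        + ber(0x0A, b"\x00")         # derefAliases: neverDerefAliases
        + ber(0x02, b"\x00")         # sizeLimit: 0 (no limit)
        + ber(0x02, b"\x00")         # timeLimit: 0
        + ber(0x01, b"\x00")         # typesOnly: FALSE
        + ber(0x87, b"objectClass")  # filter: present(objectClass), i.e. (objectClass=*)
        + ber(0x30, b"")             # attributes: empty list -> all user attributes
    )
    # LDAPMessage ::= SEQUENCE { messageID INTEGER, protocolOp [APPLICATION 3] SearchRequest }
    return ber(0x30, ber(0x02, bytes([message_id])) + ber(0x63, search_request))


def amplification_factor(request_bytes: int, response_bytes: int) -> float:
    """Bandwidth amplification: bytes the victim receives per byte the attacker sends."""
    return response_bytes / request_bytes


@dataclass(frozen=True)
class Flow:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    packets: int
    octets: int


def find_cldap_reflection(flows, min_bytes_per_packet=1000, min_reflectors=2):
    """Return {victim: [reflectors]} for hosts receiving bulky UDP/389 replies from several sources.

    Legitimate DC-locator traffic is a handful of small packets from one or two DCs; reflection
    shows up as many distinct sources each sending large, sustained UDP source-port-389 streams
    to one destination. Thresholds are assumptions to tune against real telemetry.
    """
    suspects = defaultdict(set)
    for f in flows:
        if f.proto != "udp" or f.sport != 389 or f.packets == 0:
            continue
        if f.octets / f.packets >= min_bytes_per_packet:
            suspects[f.dst].add(f.src)
    return {v: sorted(r) for v, r in suspects.items() if len(r) >= min_reflectors}


# Constructed sample flow records (NetFlow-style), not real telemetry.
SAMPLE_FLOWS = [
    Flow("203.0.113.10", 389, "198.51.100.5", 50000, "udp", 1000, 3_000_000),  # reflector -> victim
    Flow("203.0.113.11", 389, "198.51.100.5", 50000, "udp", 800, 2_500_000),   # reflector -> victim
    Flow("203.0.113.12", 53, "198.51.100.5", 50000, "udp", 1000, 3_000_000),   # DNS, not CLDAP
    Flow("192.0.2.20", 389, "198.51.100.7", 40000, "udp", 5, 900),             # normal DC-locator reply
    Flow("192.0.2.21", 389, "198.51.100.8", 40001, "udp", 300, 400_000),       # one bulky source only
]

if __name__ == "__main__":
    print("probe:", cldap_rootdse_probe().hex())
    # Akamai's observed case from the article: 52-byte request, 3,662-byte response.
    print(f"amplification {amplification_factor(52, 3662):.1f}x")
    print("suspected victims:", find_cldap_reflection(SAMPLE_FLOWS))
```

Sending the probe to your own address ranges from outside and recording which hosts answer gives the inventory of abusable reflectors; each of those should then be restricted to UDP/389 from internal clients only, which is Hamman’s closing point. The detector deliberately ignores a single bulky source, since one domain controller replying to a busy client is not evidence of reflection.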

Source: http://www.bizcommunity.com/Article/196/661/163351.html

US Blames North Korea For Series Of DDoS Attacks

The Department of Homeland Security and the Federal Bureau of Investigation issued a rare cybersecurity bulletin linking North Korea to a series of attacks that have targeted global businesses and critical infrastructure since 2009.

The alert focuses on a malware strain called DeltaCharlie, which DHS and FBI say was used by the North Korean government to launch distributed denial of service attacks. DDoS attacks use floods of web traffic from compromised devices to knock websites or services offline.

North Korea targeted “the media, aerospace, financial, and critical infrastructure sectors in the United States and globally,” the alert says.

The US government refers to North Korea’s hacking team as Hidden Cobra, but cybersecurity firms often use the slightly less sinister name Lazarus Group. The North Koreans have also been linked to the WannaCry ransomware that spread virally in May and shut down hospitals and businesses.

WannaCry primarily targeted unpatched Windows machines, and it sounds like the Lazarus Group’s DDoS malware is also primarily exploiting devices that run old versions of Windows. “The multiple vulnerabilities in these older systems provide cyber actors many targets for exploitation,” the alert notes.

Microsoft typically stops issuing patches for operating systems once they have been retired, but the company today released patches that protect even those outdated systems against WannaCry, ZDNet reports.

Although DHS and FBI released data that will help detect and mitigate Lazarus Group attacks, the agencies said more research is necessary to “understand the full breadth” of the group’s capabilities.

Source: https://www.gizmodo.com.au/2017/06/us-blames-north-korea-for-series-of-ddos-attacks/

DDoS attacks hitting ‘record-breaking’ levels as volumes increase 380%

DDoS attackers are hitting hard, fast and with no breaks in between, leading to record-breaking attacks over hours or even days, according to Nexusguard’s Q1 2017 Threat Report.

Those record-breaking attacks fell over Valentine’s Day, Chinese New Year and other ‘typically quiet’ periods of the season.

“In APAC, a lengthy attack January 28-31, the period of Chinese New Year, lasted 2 days, 19 hours, and 40 minutes. It was a widespread, disruptive event that left celebrants weary and exhausted upon returning to work,” the report says.

DDoS attack volumes have also risen 380% since the same time last year, according to Nexusguard’s statistics, based on 16,600 attacks.

While 51% of attacks lasted fewer than 90 minutes, 4% exceeded 1440 minutes. 77.3% of attacks were less than 10Gbps, while 20% were between 10-200Gbps and 2% exceeded 200Gbps.

The United States, China and Japan rounded out the top three sources for attacks. The rest of APAC was relatively unused as an attack source.

It is not only volumetric floods that are on the rise: HTTP flood attacks jumped 147% in the last quarter alone and are now one of the leading attack vectors, exceeding both TCP and DNS attacks.

The company cites the Internet of Things as a major weak point, particularly as the range of insecure devices and connections explodes. DDoS attacks can be persistent and long-lasting, which is a major area of concern.

“IoT botnets are only the beginning for this new reign of cyber attacks. Hackers have the scale to conduct gigantic, continuous attacks; plus, teams have to contend with attacks that use a combination of volumetric and application aspects,” comments Nexusguard’s CTO Juniman Kasman.

Those attacks are not happening in isolation: 93% of attacks combine application-layer and volumetric vectors, and multiple concurrent DDoS attacks can also overwhelm systems.

The company warns that organisations that haven’t invested in – or haven’t upgraded – multi-layered defense mechanisms run the highest risk of attack exposure.

“This early data for 2017 shows that enterprises need to employ multi-layered defenses that use nimble resources, including large, redundant scrubbing networks and around-the-clock security operations if they hope to keep from drowning in the deluge of new attacks,” Kasman adds.

Source: https://securitybrief.co.nz/story/ddos-attacks-hitting-record-breaking-levels-volumes-increase-380/
