DDoS Report: Botnets and 5G as attack tools

DDoS Threat Report from A10 Networks: More targets than ever before due to the pandemic. Growing numbers of DDoS attack tools and massive botnets enable cyber criminals to carry out devastating DDoS attacks.

The current DDoS Threat Intelligence Report from A10 Networks shows that the pandemic not only had far-reaching social consequences, but also had an immense impact on the threat situation in the digital space. Cybercriminals are able to carry out extensive DDoS attacks, in particular due to the steadily increasing number of DDoS attack tools and the ever-expanding botnets. With numerous industries, service providers, and education and health services being forced to relocate their activities into the digital realm, cybercriminals had more targets at their disposal than ever before.

Botnets act as a catalyst for DDoS attacks

Another finding of the report is the increasing influence of the new 5G mobile standard on the general threat situation. As intelligent devices become faster and better connected, cybercriminals keep gaining new opportunities to assemble botnets. The result is attacks with sometimes devastating consequences for companies.

By consistently monitoring DDoS attacks, attack methods and associated malware activity, A10 Networks observed a steady increase in the frequency, intensity and sophistication of this form of threat in the second half of 2020. In its State of DDoS Weapons Report, A10 Networks recorded an increase of over 12 percent in the number of potential DDoS attack tools on the Internet. In absolute numbers, 12.5 million compromised end devices were discovered that criminals could misuse for their own purposes. The effects of this development can be dramatic.

Attack on Amazon at 2.3 terabits/s

For example, Amazon recorded a DDoS attack on its public cloud in June 2020, which, at 2.3 terabits per second (Tbps), was almost twice as large as any previously recorded attack. Shortly thereafter, Google revealed details of an even larger DDoS attack that peaked at 2.5 Tbps. Because the origin of such attacks cannot be clearly identified, it is almost impossible to clarify their background, so preventive measures and comprehensive preparation for possible DDoS attacks are essential. This is the only way to develop an effective defense strategy.

Expansion of the spectrum of attacks with malware

The enormous capacity of these DDoS attacks often comes from botnets built out of compromised end devices. Gigantic botnets have emerged through the constant refinement of methods for taking over computers, servers, routers, cameras and many other IoT devices unnoticed, combined with the sophisticated use of malware. They are indispensable tools in an attacker's portfolio for causing damage. Regarding the locations of these botnet agents, A10 Networks identified clear concentrations in India, Egypt and China, where about three quarters of the capacity of these tools is located.

A notable observation by A10 Networks is the sudden increase in the number of these attack tools in India in September 2020. More than 130,000 IP addresses with unique behavior were identified. The Mirai malware strain is suspected to be the cause.

Report helps with new strategy

“The insights from the A10 DDoS Threat Report are a key advantage when setting up a strategy to defend against potential threats,” explains Heiko Frank, Principal System Engineer at A10 Networks. “To protect themselves, organizations should block traffic from potentially compromised IP addresses and create blacklists. It is important to ensure that exceptions to this procedure are defined by restricted rights and low data rates. In addition, automated traffic baselining and artificial intelligence can help identify and mitigate zero-day attacks more quickly. Anomalies and deviations from historical accesses can thus be better located and rendered harmless. In addition, companies should always keep all devices connected to the network updated to the latest software versions and prevent outgoing connections as much as possible.”

Amplification attacks with a gain factor of over 30

Amplification, a technique that takes advantage of the connectionless nature of the UDP protocol, lets cybercriminals expand the scale of DDoS attacks enormously. Put simply, attackers impersonate the intended victim by forging its IP address as the source of their packets. Under this address they send a large number of requests to exposed servers that also respond to unauthenticated senders. The applications and protocols on these servers act as amplifiers: their replies go to the actual target and form a wave of traffic many times larger than the original requests. Amplification reflection attacks, which can exploit millions of unprotected UDP-based DNS, NTP, SSDP, SNMP and CLDAP services, have led to record-breaking volumetric attacks and now make up the bulk of DDoS attacks.

With a gain factor of over 30, SSDP is considered one of the most powerful DDoS attack tools. The simplest protection against such attacks is to block port 1900 traffic coming from the Internet, unless there is a specific use case for SSDP use on the Internet. Blocking SSDP traffic from certain geographic locations where high botnet activity has been detected can also be effective protection.
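The following Python code is an added example, not taken from the A10 report or the original article. It flags replies from the UDP services named above that arrive without a matching outbound request, and totals them per targeted host and service to show which ports are candidates for blocking at the edge. The flow-record layout, the local network 192.0.2.0/24, the 5-second reply window and the byte threshold are assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import defaultdict

# UDP source ports of the services the article names as amplification vectors.
REFLECTOR_PORTS = {53: "DNS", 123: "NTP", 161: "SNMP", 389: "CLDAP", 1900: "SSDP"}

# Constructed sample flow records (not real traffic), RFC 5737 documentation addresses:
# (timestamp_s, src_ip, src_port, dst_ip, dst_port, payload_bytes)
SAMPLE_FLOWS = [
    (0.0, "192.0.2.10", 40000, "198.51.100.53", 53, 70),    # local host queries a resolver
    (0.1, "198.51.100.53", 53, "192.0.2.10", 40000, 300),   # solicited answer, ignored
    (1.0, "203.0.113.5", 1900, "192.0.2.10", 80, 3100),     # SSDP reply nobody asked for
    (1.0, "203.0.113.6", 1900, "192.0.2.10", 80, 2900),
    (1.1, "203.0.113.7", 123, "192.0.2.10", 80, 468),       # unsolicited NTP reply
    (9.0, "198.51.100.53", 53, "192.0.2.10", 40000, 4000),  # "answer" long after the query
]


def find_unsolicited(flows, local_net="192.0.2.0/24", window=5.0):
    """Return {(local_ip, service): (packets, bytes)} for replies without a request."""
    net = ipaddress.ip_network(local_net)  # assumed address range of the protected network

    def is_local(ip):
        return ipaddress.ip_address(ip) in net

    pending = {}  # (local_ip, local_port, remote_ip, remote_port) -> time of last request
    hits = defaultdict(lambda: [0, 0])
    for ts, src, sport, dst, dport, size in sorted(flows):
        if is_local(src) and dport in REFLECTOR_PORTS:
            pending[(src, sport, dst, dport)] = ts  # genuine outbound request
        elif is_local(dst) and sport in REFLECTOR_PORTS:
            asked = pending.get((dst, dport, src, sport))
            # Entries are not removed on first reply: SSDP may answer one search several times.
            if asked is None or ts - asked > window:
                hits[(dst, REFLECTOR_PORTS[sport])][0] += 1
                hits[(dst, REFLECTOR_PORTS[sport])][1] += size
    return {key: tuple(val) for key, val in hits.items()}


def block_candidates(hits, min_bytes=5000):
    """Host/service pairs whose unsolicited reply volume reaches the assumed threshold."""
    return sorted(key for key, (_, nbytes) in hits.items() if nbytes >= min_bytes)


if __name__ == "__main__":
    found = find_unsolicited(SAMPLE_FLOWS)
    print(found)
    print(block_candidates(found))
```
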

Directly to the report at A10Networks.com

 


About A10 Networks

A10 Networks (NYSE: ATEN) provides secure application services for on-premises, multi-cloud and edge-cloud environments at hyperscale speeds. The company enables service providers and companies to deliver business-critical applications that are secure, available and efficient for the transformation to multi-cloud and 5G. A10 Networks enables better business results that support investment protection, new business models and future-proof infrastructures, and enable customers to deliver a secure and accessible digital experience. A10 Networks was founded in 2004, is based in San Jose, California, and serves customers worldwide. More information is available at www.a10networks.com and @A10Networks.


 
