DNS Amplification Attacks rise Two-fold in Q1

Hackers continue to favor multi-vector approaches to help launch volumetric attacks

Photo Credit : Reuters,

DNS amplification types of DDoS attacks doubled in the first quarter of 2018 over last quarter, and spiked nearly 700 percent year-over-year, according to Nexusguard's "Q1 2018 Threat Report."

The quarterly report, which analyzes thousands of global cyber attacks, reported that 55 of the attacks were due to exploited Memcached servers. The vulnerable servers pose a significant new risk if not properly configured, similar to exposed servers enabled by Domain Name System Security Extensions (DNSSEC), a major threat in Q4. The poor configurations left unchecked can cause the amplified traffic to bring about the highest multiplying effect ever.

Similar to vulnerable IoT devices deployed with little or no security, exposed Memcached servers can give cybercriminals openings to mount attacks amplified by a factor of 51,000 times, making them the most efficient attack tool to date.

Although service providers were able to decrease the number of vulnerable Memcached servers over the past few months, Nexusguard researchers urge organizations to ensure security is built into devices or services from inception through deployment, including new security configurations and virtual patches throughout lifecycles.

"Cyber attackers continue to seek new vulnerabilities to pursue more firepower, launching more amplification attacks through unguarded Memcached servers and poorly configured DNSSEC-enabled DNS servers the past two quarters, and we expect this trend to continue," said Juniman Kasman, CTO for Nexusguard.

"To stay ahead of cybercriminals, businesses will need to ensure security is a top priority from development through to rollout, rather than leaving it as an afterthought."

Hackers also continue to favor multi-vector approaches to help launch volumetric attacks, blending combinations of DNS amplification, network time protocol (NTP), universal datagram protocol (UDP) and other popular attack vectors in more than half of all botnets over the last three months.

China and the U.S. dominated as the top two sources of DDoS attacks in Q1, contributing 15.2 percent and 14.2 percent of the botnets, respectively. Vietnam climbed to third place, contributing more than 7 percent of the global attacks.


Tags assigned to this article:
hackers multi-vector approaches DNS Attacks

Advertisement

Around The World