Amplification DDoS Attacks are the Most Popular Cyber Threats

Distributed Denial of services Attacks are the most popular in hackers’ toolkit as indicated by separate reports by Symantec and Akamai researchers. Akamai reported a 389% increase in average attack bandwidth between third quarter of 2013 and the third quarter of 2014.

Technically, DDoS attacks reduces the ability of the computer resource to execute legitimate commands from the users. A hacker achieves this by directing a flood of traffic to the target device using a fleet of remotely controlled computers (botnet). Once a system has been compromised it becomes busy responding to the hacker’s requests such that it lacks time to respond to legitimate commands from the user.

Reflection and amplification DDoS attacks are particularly popular among hackers because they are able to generate huge traffic using few machines, or smaller botnets. According to Candid Wueest, a threat research with Symantec, attackers are can amplify an initial traffic by a factor of 100. A typical internet connection is between 1 to 10Gbps implying a hacker can amplify it up to 1000Gbps.

In the third Quarter of 2014, Akamai mitigated over 17 attacks with a traffic of over 100Gbps the largest having a whooping 321Gbps. “These mega-attacks each used multiple DDoS vectors to deliver large bandwidth-consuming packets at an extremely high rate of speed,” said John Summers, the vice president of the company’s security business unit.

“We’ve seen a remarkable increase in the number of very large attacks,” continued Summers. “If you do not have a way to defend [against a 100Gbps attack], other than at the access into your infrastructure, you’re going down, there’s nothing you can do.”

In a Whitepaper released on Thursday Symantec recorded 183% increase in Domain Name Server application attacks between January and August this year. “DNS amplification attacks have increased because there are still enough open DNS servers that can be used to amplify the traffic,” Wueest said. “Address lists of such servers are traded in the underground and integrated into botnet malware making it accessible to many attackers.”

Symantec, reported a spike in other types of volumetric attacks which involve user datagram protocol (UDP), internet control message protocol (ICMP), or transmission control protocol (TCP) traffic floods. In this case attackers exploit vulnerabilities in internet protocols in an attempt “exhaust fixed limitations of a network, such as the maximum number of concurrent open connections, by opening as many TCP connections as possible,” said Wueest.

The increased in DDoS attacks have been further attributed to a growing DDoS-for-hire criminal industry, and mass exploitation of web vulnerability that allowed attackers to recruit more computers into their botnets, reported Akamai.

More worrisome, is a growing trend where botnet farmers are shifting from traditional PCs and servers to recruiting smartphones and Universal Plug and Play enabled devices into their botnets. For the first time Akamai observed devices using ARM microprocessor participating in DDoS attacks. ARM is commonly using is devices such as Smart TV’s, Smart Fridges and IP cameras.

Akamai attributes the increased number of DDoS attacks to lack of adequate firmware protection and a failure to run malware protection on smartphones and cable modems making them idea targets for botnet farmers. “People have built ways to crack into those devices, then install software that they can launch DDoS attacks from,” said Summers.

US leads in the number of DDoS attacks, with 24% of the attacks origination from US, followed closed by China at 20% and lastly Brazil contributing 18% of DDoS attacks according to Akamai. Technology companies, online entertainment and Media companies top the list of high priority targets for attackers.

“The sources for DDoS attacks are often countries that have a high number of bot infected machines and a low adoption rate of filtering of spoofed packets,” Wueest said. “This, together with a high volume of unpatched open DNS or NTP amplifier services, makes them an ideal launching platform for DDoS attacks.”

DDoS attacks are a reality in the tech word they are difficult to prevent but their impact can be mitigated. Akamai advises companies to used cloud based protection services Such as DDoS filtering technology. Fighting DDoS on the could enables the victim to “deflect these attacks with a distributed infrastructure,” said Summers. “Instead of fighting one fire roaring at the edge of your data center, you’re able to fight it with 1,000 smaller fires, all scattered around the edges of the Internet.”

Other techniques of mitigating the impact of DDoS according to Wueest include, having an incident response plan ready, verifying server configuration, using a layered filtering approach and partnering with external service providers, and building scalability and flexibility into the network.

Lawrence Mwangi Lawrence is a technology and business reporter. He has freelanced for a number of tech sites and magazines. He is a web-enthusiast, with a special interest in Online security, Entrepreneurship and Innovation. When not writing about tech he can be found in a Tennis court or on a chess board.
Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.