DDoS Attacks Growth Could Lead to Flood of New Attacks in 2017
DDoS & Cyber Security Insights analyzes attack and mitigation data collected through Neustar SiteProtect, a global DDoS mitigation network, from January 1, 2016 through November 30, 2016.
Key findings include:
Increasing frequency of DDoS Attacks. The frequency of DDoS attack mitigations by Neustar increased 40% compared to the same period of time in 2015.
Eruption of multi-vector attacks. Multi-vector attacks, which combine attack vectors to confuse defenders and supplement attack volume, increased 322% and accounted for 52% of the attacks mitigated. User Datagram Protocol, Transmission Control Protocol and Internet Control Message Protocol comprise the three most popular attack vectors, leveraged in more than 50% of attacks.
Vulnerability of Domain Name System and DNSSEC. DNS-based attacks increased 648%, with many attackers leveraging DNSSEC amplification to generate massive volumetric pressure. Previous Neustar research determined that the average DNSSEC amplification factor for a DNSSEC signed zone was nearly 29 times greater than the initial query.
IoT Botnets Emerge as DDoS Attack Tools. The threat of IoT botnets was realized in 2016 through Mirai and similar types of malware, which compromise IoT device credentials. The malware then enrolls the devices into botnets, activated by command and control servers. Since these code assemblies were published, new developments have continued to emerge, such as persistent device enrollment, which enables botnet operators to maintain device control even after a reboot.
“Mirai signals a watershed moment for DDoS attacks, where the bad guys finally turned the Internet back on its users,” Joffe said. “It is imperative to invest in effective DDoS protection now because the threat landscape has fundamentally changed.”
Another problem is the recurring threat. For example, the source code that powered the IoT botnet responsible for launching the historically large DDoS attack against KrebsOnSecurity in September has been publicly released. This could potentially flood the web with attacks from many new botnets powered by unsecured routers, IP cameras, digital video recorders and other easily hackable devices.