SAN FRANCISCO, USA - Media OutReach - 6 January 2020 - DNS amplification attacks continue to
increase in number, growing 4,788% over Q3 2018, according to Nexusguard's Q3 2019 Threat Report.
DNSSEC (Domain Name System Security Extensions) remains the main driver of
growth of DNS amplification attacks in the quarter, yet Nexusguard analysts
have detected a sharp and concerning rise in TCP SYN Flood attacks. TCP SYN
Flood is not a new method, but findings indicate that techniques have grown in
sophistication and have emerged as the third most used attack vector, behind
DNS amplification and HTTP flood attacks.
Cyberattackers have long favored DDoS attacks that amplify damage
beyond the resources required, but suitable reflectors or amplifiers are not as
widely available for DNS amplification and memcached reflection attacks. In
contrast, any server with an open TCP port is an ideal attack vector, and such
reflectors are widely available and easy to access to cause SYN Flood
Consequently, SYN Flood reflection not only hits targeted victims, but
also can impact innocent users, including individuals, businesses, and other
organizations. These innocent victims end up having to process large volumes of
spoofed requests and what appear to be legitimate replies from the attack
target. As a result, bystanders can incur hefty fees for bandwidth consumed by
junk traffic, or even suffer from secondary outages.
"Our research findings revealed that even plain-vanilla network
attacks could be turned into complex, stealthy attacks leveraging advanced
techniques, from the bit-and-piece attacks, also known as carpet bombing, we
identified last year, to the emergence of Distributed Reflective DoS (DRDoS)
attacks in the third quarter. Telcos and enterprises
must take note that while these tactics don't cause
notable strain on network bandwidth, which may go undetected, they are
powerful enough to impact their service. Advanced
mitigation techniques are required to address
these threats," said Juniman Kasman, chief technology officer for Nexusguard.
Report findings also showed that 44% of Q3 attack traffic came from
botnet-hijacked Windows OS computers and servers. The second largest source of
traffic came from iOS-equipped mobile devices. The total number of attacks has
mirrored patterns observed in 2019, with Q1 seeing the highest number of attacks
and numbers dropping over Q2 and Q3. While attack volume has decreased since Q2
2019, levels grew more than 85% compared to the same quarter last year. More
than half of all global attacks originated in China, Turkey or the United
Nexusguard's quarterly DDoS threat research gathers attack data from
botnet scanning, honeypots, CSPs and traffic moving between attackers and their
targets to help companies identify vulnerabilities and stay informed about
global cyber security trends. Read the full "Q3 2019 Threat Report"
for more details.