Cybersecurity firm Corero Network Security issued a year-end report, focused on Q2 and Q3 2017, showing that DDoS attacks had doubled over the six-month period. Its researchers largely attributed this rapid growth to unsecured Internet of Things (IoT) devices being recruited into botnets by cybercriminals.
Its latest trends report identified four key takeaways from 2017’s Q2 and Q3:
- (i) DDoS attacks have doubled in frequency over the last six months
- (ii) Two distinct attack types, multi-vector and service floods, are explained
- (iii) Ransom Denial of Service (RDoS) attacks are on the rise
- (iv) How DDoS is linked to data breach activity
(i) In Q3 2017, Corero customers saw an increase of 35% in DDoS attacks compared to the previous quarter. They also saw an average of 8 attacks per customer per day – double what was seen in Q1 of the same year.
(ii) Corero reported seeing a wide variety of DDoS attacks over Q2 and Q3, but noted that two distinct types stood out as making up a significant portion of those attacks: (a) sophisticated, multi-vector attacks, intended to elude traditional IT security checks; and (b) service flood attacks, aimed at saturating the bandwidth of the target victim, leading to service outages, downtime and latency.
Types of attack seen, many generated via modern toolkits, include DNS query floods, GET floods, UDP floods and SYN floods. Cybercriminals are switching from simple volumetric attacks to more complicated multi-vector efforts.
(iii) Ransom Denial of Service (RDoS) threats made a comeback, targeting companies across the U.S., Europe and Asia. Industries targeted range from hosting providers to banks to online gaming services. The Phantom Squad hacker group launched messages in September, demanding Bitcoin payment, with threats to execute DDoS attacks on September 30 unless their demands were met.
(iv) Corero concluded its key insight section by discussing the use of DDoS as a distraction tool. When a DDoS attack occurs, security teams focus on the DDoS traffic and on working out ways to mitigate it, which can allow hackers to slip through other areas of the network to plant malware or ransomware. Such attacks are therefore designed not to deny service but to deny security, working as camouflage that masks more malevolent activities, such as network infiltration (to map out further vulnerabilities) and data theft.
In a press release, Corero’s CEO, Ashley Stephenson, also said that DDoS-for-hire services have significantly lowered the barrier to entry for cybercriminals to carry out these attacks. Stephenson, like many others, also attributed the spike in DDoS attacks to the exploitation of poorly secured IoT devices, saying: “Cyber criminals try to harness more and more Internet-connected devices to build ever larger botnets.” He added, “The potential scale and power of IoT botnets has the ability to create Internet chaos and dire results for target victims.”