Distributed Denial of Service (DDoS) attacks are evolving every year. From the brute-force, bandwidth-clogging 300 Gbps attacks on a media firm that we saw last year to the NTP, DNS (Domain Name System) and SSDP (Simple Service Discovery Protocol) attacks that peaked in the first half of this year, unsuspecting organizations are constantly subjected to DDoS attacks that slow their systems down and affect their business.
In a recent Infoblox post, you saw that an open resolver can be a dangerous thing and can be abused in DNS reflection attacks. But cybercriminals are finding ever more creative ways to discover vulnerabilities and launch attacks. Let me take you through a few examples.
Most recently, a Linux botnet launched powerful DDoS attacks against organizations in the online gaming and education industries in Asia and the US. The main attack vectors were SYN and DNS floods, and the bandwidth of the attacks reached 150+ Gbps, according to Akamai’s threat advisory on the attacks. Botnet-based DDoS attacks have been common in the past, but what makes this campaign unique is that it involves infected Linux machines running a stealthy Trojan called “XOR DDoS”. Although the infection happened by cracking weak passwords and was not the result of exploiting a vulnerability in the Linux OS itself, the botnet grew quickly enough to launch large-scale DDoS attacks. This goes to show that proper maintenance and governance of systems, including Linux machines, which are generally considered secure, is key.
The second general trend we see more of today is insecure consumer devices, like web-connected cameras, forming a botnet and launching DDoS attacks. As the race to “connect things” reaches a feverish pace, security considerations are taking a back seat and hackers are exploiting these vulnerable embedded devices. Among these “IoT botnets”, CCTV cameras are one of the most frequently used connected devices for launching DDoS attacks. In addition, there have been cases of DNS DDoS malware infiltrating consumer devices like home gateways and Internet-connected cameras.
Saving the best for last, let’s look at the biggest DDoS story of the year – DDoS for Bitcoin. If you haven’t already heard, DDoS for Bitcoin, or DD4BC as it has been called, is the name given to an attack campaign launched by an extortionist group. The campaign, primarily targeted at the financial services industry but most recently expanded to media, entertainment, online gaming and retail companies in Europe, Australia and the US, starts with small-scale DDoS attacks such as UDP floods launched at the target to “demonstrate” the cybercriminals’ capability. Then the target is asked to pay a Bitcoin ransom to avoid being bombarded with a much larger DDoS attack that could take its website down. There are at least three dozen known targets that have been victims of DDoS for Bitcoin. Some have paid up to buy time and put mitigation in place, while others have refused.
DDoS attacks of any kind are always disruptive. Having a well thought out DDoS response process and implementing the right mitigation technologies is essential to minimizing the effects of an attack on the business. Infoblox provides a crucial component in your DDoS mitigation arsenal – Infoblox External DNS Security, a DNS server with built-in DDoS protection that provides defense against the widest range of DNS-based DDoS attacks. It intelligently detects and mitigates DNS DDoS from the Internet while responding only to legitimate queries. Moreover, it uses Infoblox Threat Adapt technology to automatically update its defense against new and evolving threats as they emerge, without the need for patching.
DNS is the top application-layer attack vector, tied with HTTP. DNS is also the number one protocol used for reflection/amplification attacks.
So while you may not be able to do much about those improperly secured coffee machines and refrigerators connecting to the Internet, you can do something about preventing your critical networking infrastructure like DNS from going down in the event of a DDoS attack.
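The post mentions open resolvers being abused for DNS reflection and amplification, and the last paragraph says a defender can do something about it. One concrete, defender-side step is to watch the resolver's own query log for the two signs of that abuse: queries arriving from networks the resolver was never meant to serve (an open resolver), and bursts of ANY queries, which return the largest responses and so are the amplification-prone type. The script below is an added example, not Infoblox code or code from the original post; the log lines are constructed in a BIND-like query-log layout, the "trusted" prefix 192.0.2.0/24 and the thresholds are assumptions a practitioner would replace with their own.

```python
import re
import ipaddress
from collections import defaultdict

# Constructed sample lines in a BIND-style query-log layout (not real captures).
# 192.0.2.0/24 plays the role of the network this resolver is supposed to serve;
# 198.51.100.7 plays an outside address sending a burst of ANY queries.
SAMPLE_LOG = """\
client 192.0.2.10#5353: query: www.example.com IN A +E (192.0.2.1)
client 192.0.2.10#5353: query: mail.example.com IN MX +E (192.0.2.1)
client 198.51.100.7#53: query: isc.org IN ANY +E (192.0.2.1)
client 198.51.100.7#53: query: isc.org IN ANY +E (192.0.2.1)
client 198.51.100.7#53: query: isc.org IN ANY +E (192.0.2.1)
client 198.51.100.7#53: query: isc.org IN ANY +E (192.0.2.1)
client 198.51.100.7#53: query: ripe.net IN ANY +E (192.0.2.1)
client 192.0.2.11#41234: query: example.org IN TXT +E (192.0.2.1)
"""

# Assumed log layout: "client <ip>#<port>: query: <qname> IN <qtype> ..."
LINE_RE = re.compile(
    r"client (?P<ip>[0-9a-fA-F.:]+)#(?P<port>\d+): query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)

# Assumption: the prefixes this resolver is meant to answer recursive queries for.
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]


def parse_query_log(text):
    """Turn query-log lines into records; lines that do not match are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            records.append(
                {
                    "ip": m.group("ip"),
                    "port": int(m.group("port")),
                    "qname": m.group("qname"),
                    "qtype": m.group("qtype"),
                }
            )
    return records


def find_reflection_suspects(records, trusted_nets=TRUSTED_NETS, min_queries=3, any_share=0.5):
    """Return {client_ip: [reasons]} for clients that look like reflection abuse.

    Rule 1: the client is outside every trusted prefix, i.e. the resolver is
            answering the wider Internet and is effectively open.
    Rule 2: the client sent at least `min_queries` queries and at least
            `any_share` of them were ANY, the amplification-prone query type.
    """
    per_client = defaultdict(list)
    for rec in records:
        per_client[rec["ip"]].append(rec)

    suspects = {}
    for ip, recs in per_client.items():
        reasons = []
        addr = ipaddress.ip_address(ip)
        if not any(addr in net for net in trusted_nets):
            reasons.append("query from outside the networks this resolver should serve")
        any_count = sum(1 for r in recs if r["qtype"] == "ANY")
        if len(recs) >= min_queries and any_count / len(recs) >= any_share:
            reasons.append(f"{any_count}/{len(recs)} queries are ANY (amplification-prone)")
        if reasons:
            suspects[ip] = reasons
    return suspects


if __name__ == "__main__":
    for ip, reasons in find_reflection_suspects(parse_query_log(SAMPLE_LOG)).items():
        print(ip)
        for reason in reasons:
            print("  -", reason)
```

Run over the sample, only 198.51.100.7 is reported, for both reasons; the two 192.0.2.0/24 clients are not. The first rule is the one that matters most: if it ever fires on a resolver that is supposed to be internal, the fix is to restrict recursion to your own prefixes rather than to keep tuning the detector.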
Read this eBook to learn more about the top ten DNS attacks.
To learn more about how Infoblox External DNS Security can help mitigate DNS DDOS, read this datasheet.