The state of DDOS – attacks get bigger, hacktivists join forces
Distributed denial of service (DDOS) attacks are getting bigger, with changing trends in terms of targets, attack models and attacker groups. This is according to Nupoor Chavan, Senior Solutions Engineer at Cloudflare, who was addressing a webinar this week on the state of DDOS attacks.
Chavan explained: “DDOS attacks bombard the victim server with so many requests that it cannot process requests – much like a traffic jam. Visitors experience slower page load times or cannot connect to the target server at all. This can cause victims a lot of pain, leading to service unavailability, which can have a direct impact on revenue.”
“It affects brand reputation and can also affect internal employees if they depend on services and applications that are unavailable. To get the service up and running again can involve a lot of costs.”
Chavan said DDOS attacks get bigger every year. “This year, we saw a record 71 million requests per second attack.”
Chavan added: “This year, we saw a lot of activity from hacktivist groups Killnet, REvil and Anonymous Sudan collaborating as the ‘Darknet Parliament’. Since this campaign kickstarted, we saw as many as 10 000 DDOS attacks from Darknet Parliament. Initially, the hacktivists said their main target would be banking and financial systems, but we see the most attacked industries have been computer software, gaming and gambling, followed by telecommunications and media.”
Chavan outlined other changing trends: “Most of the common attack vectors (32.5%) in recent months were DNS-based. Among these were DNS laundering attacks, in which bad and malicious traffic is laundered through reputable DNS servers to appear legitimate. These usually try to query randomised sub-domains of the victim and crash the DNS server. It can be difficult for administrators to block these attacks because they can’t block the source or the domain – because these are legitimate.”
“Another global trend is the evolution of the botnet DNA: we are seeing more VM-based botnets, with a move away from IOT devices. The VM botnets have up to 5 000 times more capacity, which means they can generate higher volume attacks with a smaller fleet size,” she said.
In Africa, where the market is going through digital transformation, the telecommunications industry was hit most, she said. In South Africa, SYNflood attacks accounted for almost 38% of attacks and DNS amplification accounted for over 33% of attacks. In Kenya, DNS amplification attacks accounted for over 64% of attacks, followed by UDP fragment flood attacks, at over 41%. In Nigeria, NTP amplification attacks dominated, at over 69%, followed by DNS amplification at over 16%.