Posted on January 23, 2019 at 2:44 PM
ISP-Targeting DDoS Attacks Found to be Using Stealthy New Methods
According to a recent analysis of DDoS-related data, Q3 of 2018 has seen a significant increase of denial-of-service attacks that targeted Internet Service Providers (ISPs). The analysis was performed by Nexusguard, and the report is titled ‘Q3 2018 Threat Report’.
New method of conducting DDoS attacks
According to the report, attackers are using much stealthier methods, which come down to targeting traffic across numerous IP prefixes. Typically, DDoS attacks tend to target a single IP address, which can be overwhelmed relatively easily. Now, however, attackers are using small bits of junk to cover a large number of addresses, often hundreds at a time.
The method has proven to be rather successful for those who wish to overwhelm CSP’s (communications service providers’) networks, as the additional traffic comes in smaller doses, going from2.5 Mbps – 2.48Gbps per IP. However, most of them were between 33.4Mbps and 300Mbps, which makes them harder to detect. However, while small, they can still cause a lot of damage to a targeted service or website.
According to the report, nearly 160 autonomous systems belonging to ISPs were attacked by using this method in Q3 2018. Furthermore, attackers have made an effort to precisely map the network and determine which IP addresses might be critical. Due to the clear evolution of the DDoS attacking methods, CSPs will have to find a way to enhance their network security, as well as to additionally secure their infrastructure. The same is true for corporations which might be targeted via the same method in the future.
The report also mentions that CSPs were a target of over 65% of attacks that have occurred around the world in Q3. One proposed method of dealing with the new DDoS attack method would be for organizations to use the cloud on the network edge, which will share the load and reduce the impact of the ongoing attacks.
Regular measures against DDoS attacks, such as blackholing traffic, are simply not going to work in this scenario, as numerous IP addresses get affected at once.
Researchers have found that, despite the reduction in the size of attacks per IP, the new method has the potential to make DDoS attacks much bigger. Over the years, researchers have reported that DDoS attacks are becoming more massive, as well as more sophisticated, with the new report indicating that the trend persists.
Furthermore, the popularity of the attacks has grown as well, and there were numerous reports of websites that are offering DDoS attacks to those who are willing to pay for them. These services were also targeted by authorities, who made several moves to shut them down in the past. Despite the success of such operations, many of DDoS-for-hire services still persist, while the new ones are emerging as well.
According to NETSCOUT’s recent blog post, it is expected that even more attackers will emerge throughout 2019, and continue to offer their services. Researchers have also noted that many of the tools offered by DDoS-for-hire services are not new, but that they still work. Getting easy access to them increases the danger for legitimate websites, while at the same time, threats like malware continue to evolve cause higher amounts of damage.