Posted on October 6, 2017 at 10:51 AM
Two new reports showed that DDoS attacks are becoming increasingly popular when targeting large corporate networks.
Imperva, a supplier of DDoS protection services, recently announced that it found a new attack dubbed “pulse wave DDoS”. The name originates from the traffic pattern that it creates. A quick succession of attacks managed to split a botnet’s attack output. In turn, this allowed the attacker to pursue several targets. Such attacks also included the biggest network layer assault Imperva mitigated earlier this year, which peaked at 350 Gbps.
In addition to this, Infoblox Inc., a company which creates IP address management solutions, released a global survey that they conducted. The survey concludes that DNS security is often not prioritized when companies lay out their cybersecurity strategy, which leaves companies vulnerable to DNS attacks.
Imperva based its Q2 Global DDoS Threat Landscape report on data from 2618 network layer and 12825 application layer DDoS attacks on its clients’ websites.
The latest DDoS tactic, pulse wave DDoS, was described in Imperva’s blog during August. According to researchers, the tactic was designed to double a botnet’s output and exploit vulnerabilities in “appliance first cloud second” hybrid mitigation solutions. Researchers confirmed that the attacks were alarming and unprecedented, with high-magnitude peaks that are performed quickly and with immense precision.
According to Imperva researchers, the author of these attacks was able to mobilize a 300 Gbps botnet within mere seconds. The speed, together with the accuracy and persistence of the attack, resulted in the pulses.
So far researchers suspect that the technique might have been designed in order to switch targets easily and quickly.
As for defending against an attack of this magnitude, researchers have suggested that all companies that have a DDoS mitigation provider should double check the “time to mitigation” clause in their existing agreement.
The report noted two other rising trends in DDoS attacks. Firstly, Imperva clients experienced a notable decline in network-level attacks, while there has also been a sustained increase in application-level attacks. The second trend is that in the second quarter of the year alone, 75.9% of targeted companies suffered several attacks.
The survey conducted by Infoblox collected findings from over 1000 security and IT professionals. The survey confirmed that 86% of firms who have DNS solutions admitted to having failed to alert their security team during a DNS attack. In addition, one-third of those surveyed had doubts whether their company could defend against a DNS attack. Over 20% of companies alerted their DNS solutions firm of the DNS attack via a customer complaint.
A recently released summary of the survey stated that 3 out of 10 companies confirmed having suffered a DNS attack. Of the affected companies, 93% suffered downtime caused by the attack. Of the 93%, 40% of companies had downtime lasting more than an hour.
Only 37% of surveyed professionals felt confident in their company’s ability to defend itself against all sorts of DNS attacks.
The survey also confirmed that 24% of participants admitted to their companies losing US $100 000 or more as a result of their latest DNS attack.
According to Cricket Liu, chief DNS architect at Infoblox, the problem here is not so much with the available DNS defense systems, but rather with most companies’ attitudes towards the importance of maintaining a DNS defense system. Liu stated that most companies regard DNS more as routine plumbing than as critical infrastructure.
Liu felt that this attitude was clearly observable in Infoblox’s latest study. Liu emphasized that companies would have to undergo a fundamental shift in mindset about DNS security defenses if they wish to address the severity of the attacks and keep their companies protected.