Threat Trends

Everything you need to know: DDoS attacks on the rise

According to a Netscout report, the first half of 2023 saw roughly 7.9 million distributed denial-of-service (DDoS) attacks, a 31% increase year over year.

As DDoS incidents surge, so does their presence in the headlines. Attacks in 2023 have targeted prominent entities: the Canadian government faced a campaign in September, and the official website of the UK's royal family fell victim to an attack in October. The largest attack on record, however, was observed in late August and affected Amazon and Google, among others.

"Last year, we blocked the largest DDoS attack recorded at the time. This August, we stopped an even larger DDoS attack — 7½ times larger — that also used new techniques to try to disrupt websites and Internet services."

Google Blog, Oct. 10 2023

Uncovering DDoS attacks

A Distributed Denial of Service (DDoS) attack is an attempt to disrupt the normal functioning of a targeted server, service, or network by overwhelming it with a flood of internet traffic. The "distributed" part is what makes it hard to stop: the traffic comes from many sources at once, typically a botnet of compromised machines (servers, PCs, IoT devices) under the attacker's control, and increasingly from rented cloud servers and open proxies, all sending to the target simultaneously.

The objective of a DDoS attack is to make a website, online service, or network unavailable to its intended users. The excessive load can cause the targeted system to slow down, become unresponsive, or crash. Today, the largest attacks generate hundreds of millions of requests per second.

"This two minute attack generated more requests than the total number of article views reported by Wikipedia during the entire month of September 2023."

Google Blog, Oct. 10 2023

Despite growing awareness, defending against these attacks remains challenging because of their distributed nature. Telling legitimate traffic apart from attack requests is difficult, particularly when each attack request looks like an ordinary one. Tracing an attack back to its operator is harder still, since it can involve hundreds of thousands of devices whose owners have no idea they are participating.

DDoS attacks can take various forms, including:

  • Volumetric Attacks: Flood the target with a high volume of traffic (often amplified through third-party servers) to saturate its bandwidth and overwhelm its infrastructure.
  • Protocol Attacks: Abuse the way network and transport protocols keep state, for example SYN floods that fill a server's connection table or fragment floods that exhaust reassembly buffers, so that server or firewall resources run out and the service becomes unavailable.
  • Application Layer Attacks: Target a specific application or service with requests that are cheap for the attacker to send but expensive for the server to answer, exhausting CPU, memory, or database capacity.

Innovative and evolving: DDoS attacks to look out for in 2024

The sophistication of DDoS attacks is on the rise, as evidenced by the June 2023 incidents in which suspected Russia-linked hacktivists targeted crucial Microsoft services. This heightened sophistication is apparent in the attackers' use of multiple virtual private servers, rented cloud infrastructure, open proxies, and purpose-built DDoS tools.

  • Layer 7 (L7) Application Attacks

Notably, the attacks against Microsoft were Layer 7 attacks, homing in on the application's server infrastructure rather than the network and transport layers targeted by traditional Layer 3 and 4 attacks. L7 attacks are tricky to spot because they target app-specific resources, using bots that mimic legitimate requests; each request may be individually valid and arrive at a volume that never saturates the network link. The asymmetry is what hurts: a POST to a login page with a random user ID and password costs the attacker almost nothing, but forces the server to perform a database lookup and a deliberately slow password hash, so even simple L7 floods can overload CPUs and databases.
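The login-page flood described above is visible in ordinary web server access logs if you look at per-client behaviour rather than total volume. The following is an added example, not code from the original article or from any vendor it mentions: it parses lines in the common "combined" log format and flags clients whose POSTs to the login endpoint, within a sliding window, exceed a rate and failure ratio that no interactive user produces. The window length, thresholds, endpoint path and sample log lines are all assumptions constructed for the example.

```python
"""Flag Layer 7 login floods from web access logs.

Added example; it is not code from the original article or from any
vendor mentioned in it. Parses "combined" access-log lines and flags
clients whose login POSTs within a sliding window exceed a rate and
failure ratio no interactive user produces. Window, thresholds and the
login path are assumed values.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Combined log format: ip ident user [ts] "METHOD PATH PROTO" status size ...
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Assumed policy, not from the article: 30+ login POSTs from one client in
# any 60 s window, of which 90 %+ fail, is treated as an L7 flood source.
LOGIN_PATH = "/login"
WINDOW = timedelta(seconds=60)
MAX_LOGINS = 30
MIN_FAIL_RATIO = 0.9
FAIL_STATUSES = {401, 403}


def parse_line(line):
    """Return a dict for one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], TS_FMT),
        "method": m["method"],
        "path": m["path"].split("?", 1)[0],  # ignore any query string
        "status": int(m["status"]),
    }


def find_login_flooders(lines):
    """Map each offending client IP to (attempts, failures) for the last
    window in which it exceeded the policy. A real user who mistypes a
    password a few times stays far under the bar."""
    events = defaultdict(list)  # ip -> [(timestamp, status), ...]
    for line in lines:
        rec = parse_line(line)
        if rec and rec["method"] == "POST" and rec["path"] == LOGIN_PATH:
            events[rec["ip"]].append((rec["ts"], rec["status"]))

    flagged = {}
    for ip, evs in events.items():
        evs.sort()
        start = fails = 0
        for end, (ts, status) in enumerate(evs):
            fails += status in FAIL_STATUSES
            # Slide the window start forward until it spans at most WINDOW.
            while ts - evs[start][0] > WINDOW:
                fails -= evs[start][1] in FAIL_STATUSES
                start += 1
            n = end - start + 1
            if n >= MAX_LOGINS and fails / n >= MIN_FAIL_RATIO:
                flagged[ip] = (n, fails)
    return flagged


def make_sample_log():
    """Constructed sample: one bot hammering /login with random credentials
    (40 attempts, one per second, all 401) beside a real user who gets the
    password wrong twice and then succeeds. IPs are documentation ranges."""
    t0 = datetime(2023, 10, 10, 12, 0, 0, tzinfo=timezone.utc)

    def line(ip, offset, method, path, status):
        ts = (t0 + timedelta(seconds=offset)).strftime(TS_FMT)
        return f'{ip} - - [{ts}] "{method} {path} HTTP/1.1" {status} 512 "-" "Mozilla/5.0"'

    lines = [line("203.0.113.7", i, "POST", "/login", 401) for i in range(40)]
    lines += [
        line("198.51.100.4", 5, "GET", "/login", 200),
        line("198.51.100.4", 12, "POST", "/login", 401),
        line("198.51.100.4", 20, "POST", "/login", 401),
        line("198.51.100.4", 31, "POST", "/login", 302),
        line("198.51.100.4", 33, "GET", "/dashboard", 200),
    ]
    return lines


if __name__ == "__main__":
    for ip, (n, f) in find_login_flooders(make_sample_log()).items():
        print(f"{ip}: {n} login POSTs within 60 s, {f} failed")
```

Keying on the source IP is the simplest signal and the one a distributed attack is designed to defeat; the same sliding-window logic can be keyed on a session cookie, a TLS fingerprint or an ASN instead, and in production the block action belongs at the edge (rate limiter, WAF or CDN) rather than in the application that is being exhausted.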

  • Ransomware DDoS Attacks

Ransom DDoS (RDDoS) campaigns driven by financial motives have seen a significant uptick since 2020, with threat actors demanding payment in bitcoin in exchange for not launching, or for stopping, a crippling DDoS attack on the targeted network. Notably, these attacks are not limited to extorting financial institutions; they also serve as effective distractions, diverting the security team's attention while intruders infiltrate the organization through other means.

Additionally, ransomware operators are increasingly adding DDoS attacks to their extortion playbook to pressure targets into paying. Extortion emails have been sent under the names Fancy Lazarus, Fancy Bear, Cozy Bear, the Lazarus Group, and the Armada Collective, although the senders were often impersonating those groups rather than acting on their behalf.

Recommendations 

Defending against Distributed Denial of Service (DDoS) attacks requires a multi-faceted approach that combines several strategies to mitigate the impact of malicious traffic. Continuous monitoring of network traffic and the ability to detect anomalies quickly are crucial, and organizations can employ intrusion detection and prevention systems for this purpose. Detection on your own network has a limit, though: a volumetric attack that saturates your upstream link cannot be filtered after it arrives, so mitigation of large floods has to be arranged with an upstream provider, scrubbing service, or CDN before the attack happens.

Organizations can also limit the avenues through which malicious traffic reaches their infrastructure by reducing their attack surface: closing ports and services that do not need to be internet-facing, keeping origin servers behind a CDN or load balancer so their addresses are not directly reachable, and removing unused applications and endpoints. The less that is exposed, the fewer targets an attacker has to flood and the fewer weaknesses there are for a protocol or application layer attack to exploit.

Continuous automated penetration testing serves as a powerful tool in reducing attack surface by systematically identifying and addressing vulnerabilities within a system on an ongoing basis. You can learn more by contacting us today.
