DDoS Attacks Increased Rapidly During the COVID-19 Pandemic as Hackers Exploited New Tools and Techniques – CPO Magazine

admin on January 31, 2021 Leave a Comment

Report by A10 Networks says that Distributed Denial of Service (DDoS) attacks continuous growth became a significant cybersecurity threat and nuisance in 2020. The firms threat intelligence report says that DDoS attacks became more intense and sophisticated during the COVID-19 pandemic as organizations struggled to support the remote workforce during the work from home period.

The group says it observed over 200,000 compromised devices and analyzed their behavior and the exploits employed to hijack the gadgets.

The A10 research team observed attack agents controlled by botnet command and control (C2) through the deployments of honeypots and scanning DDoS attack amplification sources.

The researchers noted that DDoS attacks increased during the COVID-19 crisis as threat actors exploited the pandemic to execute large and small-sized attacks on various victims, including healthcare, education, and government.

Consequently, the research group witnessed an expanding attack landscape in 2020 caused by the COVID-19 pandemic. The report states that DDoS attacks continue to be the biggest nuisance during the COVID-19 pandemic and in the foreseeable future. Most notably, A10 Networks witnessed an increase in DDoS weaponry by 12% within the second half of 2020.

Rich Groves, Director of Security Research at A10 Networks says that the increase in the number of DDoS weapons and connected devices, the 5G network rollout, and the use of new exploits and malware by attackers, made it very easy for these IoT devices to be compromised.

5Gs improved internet connection speeds led to increased internet traffic, ultimately leading to an increase in the number of attacks.

A10 report also correlated with Amazon and Googles observations indicating that DDoS attacks peaked at 2.3 Gbps on amazon web services and 2.5 Gbps on Googles cloud platform. Akamai also blocked 809 million packets targeting the Akamai platform on June 21, 2020.

The high volume of online shopping occasioned by COVID-19 pandemic also led to increased DDoS attacks during the holiday shopping season.

The team discovered changes in the DDoS weapon choice used by threat actors during the DDoS attacks experienced during the COVID-19 pandemic. The previously-preferred DDoS weapon Portmap dropped in popularity to the third position during the second half of 2020.

Simple Services Discovery Protocol (SSDP) became the most preferred DDoS weapon used in 2,581,384 attacks, while SNMP (1,773,694) took the second position. ODNS Resolver (1,706,338) and TFPT (1,409,121) occupied the fourth and fifth positions respectively.

A10 researchers noted exponential growth in DDoS attacks from botnets located in India. Botnets are compute nodes including routers, IP cameras, servers and computers, IoT devices, etc., infected with malware and used to carry out DDoS attacks.

The report authors noted that botnets provide the ultimate flexibility to DDoS attackers as they can be sourced from different locations across the globe, depending on the attackers requirements.

A10 network researchers found 130,000 unique IP addresses exhibiting scanning behavior resembling that of the Mirai botnet in the first two weeks of Sept. 2020. The research tracked a total of 846,700 botnet agents during the period.

A leading Indian broadband provider was the single largest contributor of DDoS activity, according to the report. The broadband provider was associated with up to 200,000 unique sources of Mirai-like activity at the height of the campaign.

India hosted about a third (32%) of botnet agents, followed by Egypt hosting almost a quarter (24%) of hijacked devices. China (17%) emerged as the third source of DDoS botnets while Brazil (2%) and Taiwan (2%) tied at the fourth position. Top ASNs hosting botnet agents include Hathway India (26%), Telecom Egypt (24%), China Unicom (11%), China Telecom (4%), and MTNL India (3%).

The research notes that although DDoS attacks were globally distributed, they frequently originate from certain countries. The report also found that those countries hosted the majority of DDoS weapons. In determining the top sources of DDoS weaponry, the researchers analyzed the autonomous system number (ASN), a group of IP addresses under a single administrative operator. They observed that large numbers of weapons belonging to their users can remain connected to their network and play a role in attacking other systems.

China displaced the United States as the leading DDoS weaponry source, pushing it to the second position. The country hosts 2,000,313 DDoS weapons compared to the United States 1,900,812. South Korea (1,140,497) maintained its third position while a new entrant, Brazil (756,540), occupied the fourth position, pushing Russia (679,976) one step down to the fifth position. The remaining 7,291,999 DDoS weapons resided in other countries across the world.

Top organizations hosting DDoS weapons include China Telecom (767,898), Korea Telecom (703,639), China Unicom CN (665,053), Taiwanese Chungwha Telecom (286,973), and CANTV Venezuela (286,019).

The amplification of DDoS attacks involves sending small requests to the victims IP address, causing the servers to reply with large amplified responses.

DNS, NTP, SSDP, SNMP, and CLDAP UDP-based services are usually exploited during these types of attacks.

In the second half of 2020, A10 Network researchers observed more than 2.5 million unique systems exploiting SSDP services. In total, the researchers tracked more than 11.7 million amplification attacks.

For SSDP-based attacks, the top countries were South Korea with 436,165 unique sources, followed by China (320,828) and Venezuela (289,874).

The United States (557,280), China (291,717), and Russia (97,512) topped SNMP unique amplification sources.

The researchers advised organizations to carry out various security operations to rule out the possibility of compromise. A10 network researchers advised businesses to check their network traffic and drop connections they do not need.

A10 Networks said #DDoS attacks increased during the pandemic as #hackers exploited new tools, 5G networks, and the rising numbers of #connecteddevices. #cybersecurity #respectdataClick to Tweet

Updating IoT devices, employing DDoS baselining, artificial intelligence (AI) and machine learning (ML) techniques was also encouraged.

See the rest here:
DDoS Attacks Increased Rapidly During the COVID-19 Pandemic as Hackers Exploited New Tools and Techniques - CPO Magazine

Related Posts
Posted in Internet Security

Comments are closed.