Keeping up with news and trends in the cyber-security arena has become a mind-boggling task. Making matters worse, the equation increasingly seems like one step forward and two steps back. A research report from security analytics and risk services firm Neustar, “DDoS & Cyber Security Insights,” is sure to add stress because it found that there’s no simple way to address this challenge.
“The DDoS attack landscape has become increasingly complex because there is no singular goal behind these attacks; some seek to disrupt services, while others serve as smokescreens to breach data,” noted Rodney Joffe, senior vice president and Fellow at Neustar. In fact, organizations must remain vigilant against conventional attacks, even as new and bigger threats emerge.
The analysis took place from January 1, 2016 through November 30, 2016. The key findings included the following:
DDoS attacks are becoming more common. The frequency of Neustar DDoS attack mitigations increased 40 percent compared to the same period in 2015.
Multi-vector attacks have become rampant. This method, which relies on multiple and combined attack vectors to confuse defenders and supplement attack volume, increased 322 percent in 2016. What’s more, this approach accounted for 52 percent of the attacks that the firm mitigated. UDP, TCP and ICMP, the three most popular attack vectors, were leveraged in more than 50 percent of attacks.
Vulnerability of DNS and DNSSEC is enormous. DNS-based attacks increased 648 percent, with many attackers leveraging DNSSEC amplification to generate massive volumetric pressure.
IoT botnets have emerged as DDoS attack tools. The threat of IoT botnets emerged in 2016. This concept was popularized by Mirai. It and similar types of malware compromise IoT device credentials to enroll devices into botnets, which are activated by command and control servers. As these code assemblies appear, new developments continue to emerge, such as persistent device enrollment, which enables botnet operators to maintain control of a device even after it is rebooted.
The report offers three major takeaways: First, organizations must take all threats into account, rather than building defense strategies around any single or primary threat. Second, it’s critical to defend your DNS. Finally, more complex attacks will appear in the months ahead.
“Mirai signals a watershed moment for DDoS attacks, where the bad guys finally turned the internet back on its users,” Joffe concluded.