Neustar’s Security Operations Center (SOC) saw a 168% increase in distributed denial-of-service (DDoS) attacks in Q4 2019, compared with Q4 2018, and a 180% increase overall year-on-year. According to their latest cyber threats and trends report, Neustar saw DDoS attacks across all size categories increase in 2019, with attacks sized 5 Gbps and below seeing the largest growth. These small-scale attacks made up more than three quarters of all attacks the company mitigated on behalf of its customers in 2019.
DDoS attacks taking varied forms
In 2019, the largest threat Neustar mitigated, at 587 gigabits per
second (Gbps), was 31% larger than the largest attack of 2018, while the
maximum attack intensity observed in 2019, 343 million packets per
second (Mpps), was 252% higher than that of the most intense attack seen
in 2018. However, despite these higher peaks, the average attack size
(12 Gbps) and intensity (3 Mpps) remained consistent year over year. The
longest single, uninterrupted attack experienced in 2019 lasted three
days, 13 hours and eight minutes.
Though the number of attacks increased significantly across all size
categories, small-scale attacks (5 Gbps and below) again saw the largest
growth in 2019, continuing the trend from the previous year. The
combination of DDoS-for-hire and botnet rental services has made DDoS
attacks much easier to execute, but the fact that perpetrators seem to
be in many cases choosing to engage in small-scale attacks suggests that
their goal may often be something other than taking a site completely
offline.
“Large, headline-making DDoS attacks do still take place, but many
cybersecurity professionals believe that smaller attacks are being used
simply to degrade site performance or as a smokescreen for other forms
of cybercrime, such as data theft or network infiltration, which the
perpetrator can execute more easily while the target’s security team is
busy fighting a DDoS attack,” said Rodney Joffe, senior vice president,
senior technologist and fellow at Neustar. “Furthermore, with the
current move of the bulk of the workforce globally to a work from home
model, we expect to see a significant increase in DDoS attacks against
VPN infrastructure. This risk makes an ‘always on’ DDoS mitigation
service even more critical.”
In addition to conventional DDoS attacks, which seek to exhaust
bandwidth, in 2019 Neustar also observed an increase in network protocol
or state exhaustion attacks, which target network infrastructure
directly. Volumetric attacks continued to proliferate as well, with
attackers using new DDoS vectors such as Apple Remote Management
Services, Web Services Dynamic Discovery, Ubiquiti Discovery Protocol
and the Constrained Application Protocol.
Said Joffe, “During the shift to teleworking at scale, we would not
be surprised to see the VPN protocol ports added to these targeted
attacks.”
Two- and three-vector attacks ‘just right’ for attackers
In 2019, approximately 85% of all attacks used two or more threat
vectors. That number is comparable to the 2018 figure; however, the
number of attacks involving two or three vectors rose from 55% to 70%,
with correspondingly fewer simple single-vector attacks and complex
four- and five-vector attacks, suggesting that attackers have settled
into the Goldilocks zone for attacks.
Security professionals continue to view DDoS attacks as a growing threat. According to the most recent Neustar International Security Council
(NISC) survey, when asked which vectors they perceived to be increasing
threats during November and December 2019, senior-level cybersecurity
decision-makers cited social engineering via email most frequently
(59%), followed by DDoS (58%) and ransomware (56%).
Web attacks increasing
2019 saw web attacks on the rise as well. Most companies recognize the
danger that slow-loading websites pose to their business and attempt to
protect them with web application firewalls. In the most recent NISC
survey, 98% of respondents agreed that a WAF was an essential component
of their security infrastructure. However, as more and more enterprises
use multiple cloud providers, often involving a mix of public and
private clouds, the need for consistent security across applications and
platforms is growing.
“Web attacks can be difficult to track because some variation in the
performance of websites is to be expected, but they are increasingly
critical for businesses to address. One survey found 45% of consumers
are less likely to make a purchase when they experience a slow loading
website, and 37% are less likely to return to a retailer if they
experience slow loading pages,” added Joffe.
A vendor-neutral cloud WAF, coupled with DDoS protection, can
eliminate a large portion of threats, allowing enterprise application
experts to focus their attention on the more specialized attacks.
Continuous updates from a reliable threat feed can also deliver
information on bad IPs and botnet command and control (C&C) sites
before they are able to damage the network.
A complimentary copy of the Neustar 2019: The Year in Review cyber threats and trends report is available here.