Research by Neustar has revealed DDoS attacks are getting more sophisticated as attackers use new methods to bypass defenders and increase the volume of attackers to have a longer-lasting effect on businesses.
"The DDoS attack landscape has become increasingly complex in 2016 because there is no singular goal behind these attacks; some seek to disrupt services, while others serve as smokescreens to breach data," said Rodney Joffe, SVP and Fellow, Neustar. "Organisations must remain vigilant against conventional attacks, even as new threats are realised today and in 2017."
The frequency of attacks has increased 40% year-on-year, while multi-vector attacks have increased more than three-fold in the same period. These attacks have a particularly negative effect because they use a combination of attack mechanisms to confuse defenders and increase attack volume, resulting in a longer-lasting attack. This type of attack accounted for more than half of all DDoS activity investigated by the real-time information and analytics firm.
Another big trend uncovered by Neustar was hackers taking advantage of the weaknesses in DNS and DNSSEC. DNS attacks increased by 648% compared to the same period (January 1st-November 30th) last year. It explained that many attackers using this method leveraged DNSSEC amplification to significantly increase the volume of traffic used in an attack.
Although using the IoT to launch DDoS attacks isn't a new method, the idea of using such technologies to bring down an organisation was realised by Mirai in 2016. It uses IoT device credentials to enrol them into botnets and use them to launch attacks, without the user knowing they are being used to perform attacks.
"Mirai signals a watershed moment for DDoS attacks, where the bad guys finally turned the Internet back on its users," said Joffe. "It is imperative to invest in effective DDoS protection now because the threat landscape has fundamentally changed."
-
What is polymorphic malware?Explainer Polymorphic malware constantly changes its code to avoid detection, making it a top cybersecurity threat that demands advanced, behavior-based defenses
-
Outgoing Kaseya CEO teases "this is just the beginning" for the companyOpinion We spoke to Fred Voccola who remains a key figurehead at the firm as it enters its next chapter...
-
UK crime fighters wrangle “several thousand” potential cyber criminals in DDoS-for-hire honeypotNews The sting follows a recent crackdown on DDoS-for-hire services globally
-
US begins seizure of 48 DDoS-for-hire services following global investigationNews Six people have been arrested who allegedly oversaw computer attacks launched using booters
-
Will triple extortion ransomware truly take off?In-depth Operators are now launching attacks with three extortion layers, but there are limitations to this model
-
GoDaddy web hosting reviewReviews GoDaddy web hosting is backed by competitive prices and a beginner-friendly dashboard, and while popular, beware of hidden prices
-
Japan investigates potential Russian Killnet cyber attacksNews The hacker group has said it’s revolting against the country’s militarism and that it’s “kicking the samurai”
-
LockBit hacking group to be 'more aggressive' after falling victim to large-scale DDoS attackNews The ransomware group is currently embroiled in a battle after it leaked data belonging to cyber security company Entrust
-
Record for the largest ever HTTPS DDoS attack smashed once againNews The DDoS attack lasted 69 minutes and surpassed the previous record of 26 million RPS
-
Cloudflare mitigates biggest ever HTTPS DDoS attackNews A botnet generated over 212 million HTTPS requests from over 1,500 networks in 121 countries
