It’s all quiet on the DDoS front, but don’t get complacent: The lull is expected, said Kaskersky, and new attack vectors could spell a coming resurgence.
Kaspersky’s quarterly DDoS attack report is one that its writers describe as “relatively calm,” but don’t let that statement fool you: There’s still a lot of dangerous DDoS threats and new actors waiting for their time to strike. Not only that, but the second quarter lull is expected.
“There was a slight decrease in the total number of attacks compared to the previous quarter, which is typical for this period and is observed annually,” said Kaspersky DDoS protection team business development manager Alexey Kiselev.
SEE: Security incident response policy (TechRepublic Premium)
The expected calm doesn’t mean there’s time to take a break: Cybercriminals definitely aren’t, with Kaspersky reporting two new potential DDoS attack vectors and a rise in DDoS attacks as a ransomware tool.
The first of the new attack vectors uses the Session Traversal Utilities for Network Address Translation (NAT), or STUN, protocol. Traditionally used to map internal IP addresses and ports from behind a NAT to external ones, attacks early in 2021 started exploiting it to amplify traffic volume and use them as reflectors. Kaspersky warned that more than 75,000 STUN servers across the globe are vulnerable to this type of DDoS attack and recommends any organization using STUN to take steps to protect themselves before they’re hit.
The second vector Kaspersky mentioned is a DNS bug called TsuNAME. It functions by exploiting errors in authoritative DNS server configuration that cause certain domains to point at each other, resulting in an endless request loop that floods the server and renders it useless.
While no attackers have exploited the TsuNAME vector yet, it could give a boost to DDoS attacks targeting DNS servers, like the one that took Microsoft services offline in April. Kaspersky provided remediation steps for TsuNAME as well: It said that authoritative DNS server owners should “regularly identify and fix such configuration errors in their domain zone, and owners of DNS resolvers to ensure detection and caching of looped requests.”
DDoS attacks as a part of the ransomware arsenal have been gaining momentum as well, Kaspersky said. A cybercriminal group calling itself Fancy Lazarus (they are not believed to be a state-sponsored APT) launched multiple attacks against U.S.-based targets using DDoS attacks, and operators of the Avaddon ransomware used the threat of DDoS attacks along with file encryption to extort ransoms against Australian company Schepisi Communications.
SEE: How to manage passwords: Best practices and security tips (free PDF) (TechRepublic)
DDoS attacks decreased by 38.8% compared to Q2 2020, and 6.5% compared to Q1 2021 but, as mentioned above, those numbers are expected. Kiselev said that a key factor in predicting the third quarter and beyond is cryptocurrency prices, which he said have remained consistently high. With that in mind, Kiselev said, “in the third quarter of 2021, we also do not see any prerequisites for a sharp rise or fall in the DDoS attack market.”
Cybersecurity Insider Newsletter
Strengthen your organization’s IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices.
Delivered Tuesdays and Thursdays
Also see
Stay connected with us on social media platform for instant update click here to join our Twitter, & Facebook
We are now on Telegram. Click here to join our channel (@TechiUpdate) and stay updated with the latest Technology headlines.
For all the latest Technology News Click Here
For the latest news and updates, follow us on Google News.
Denial of responsibility! NewsAzi is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.
