New data indicates attackers preyed on the large attack surface of ASN-level communications service providers with a ‘bit-and-piece’ approach
SAN FRANCISCO, UNITED STATES - Media OutReach - January 22, 2019 - The Nexusguard "Q3 2018 Threat Report" has revealed the emergence of an extremely stealthy distributed denial-of-service (DDoS) attack pattern targeting communications service providers (CSPs). This new vector exploits the large attack surface of ASN-level (autonomous system number) CSPs by spreading tiny attack traffic across hundreds of IP (internet protocol) addresses to evade detection. The ongoing evolution of DDoS methods suggests that CSPs need to enhance their network security posture and find more effective ways to protect their critical infrastructure and tenants. The continued discovery of new attack patterns should also alert enterprises to the importance of selecting DDoS-proof service providers.
The quarterly report, which measures thousands of DDoS attacks around the world, showed CSPs were targeted by 65.5 percent of DDoS attacks in Q3, given their extensive networks enabling access to tenants' assets. Attackers were found to have contaminated a diverse pool of IP addresses across hundreds of IP prefixes (at least 527 Class C networks, according to Nexusguard findings) with very small-sized junk traffic. As a result, the year-over-year average attack size in the quarter fell measurably - 82 percent.
"Perpetrators are using smaller, bit-and-piece methods to inject junk into legitimate traffic, causing attacks to bypass detection rather than sounding alarms with large, obvious attack spikes," said Juniman Kasman, chief technology officer for Nexusguard. "Diffused traffic can cause CSPs to easily miss large-scale DDoS attacks in the making, which is why these organizations will need to share the load with the cloud at the network edge to minimize attack impact."
Nexusguard analysts believe that attackers conducted reconnaissance missions to map out the network landscape and identify the mission-critical IP ranges of targeted CSPs. Then they injected bits and pieces of junk into legitimate traffic, whose size easily bypassed detection thresholds. Mitigating broadly distributed, small-sized attack traffic is more difficult at the CSP level, in comparison to the traditional volumetric attack method on a small number of targeted IPs. The convergence of polluted traffic that slips through the "clean pipes" of upstream internet service providers forms a massive traffic flow that easily exceeds the capacity of mitigation devices, leading to high latency at best, deadlock at worst.
The "bit-and-piece" attacks observed in the quarter often leveraged open domain name system (DNS) resolvers to launch what is commonly known as DNS Amplification, whereby a targeted IP address receives only a small number of responses in each well-organized campaign, leaving little or no trace. Black-holing all traffic to an entire IP prefix may be a solution but is costly since black-holing will also block access to a wide range of legitimate services.
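The detection gap described above can be shown with a short sketch that compares a per-destination alarm with an alarm on the summed DNS-response traffic of each destination /24. This is an added example, not code from Nexusguard or its report; the thresholds, the flow tuple layout and the sample flows (documentation address ranges) are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumed thresholds in bits per second; tune to the network's own baseline.
PER_IP_BPS = 100_000_000       # classic per-destination alarm
PER_PREFIX_BPS = 300_000_000   # alarm on the summed traffic of one /24
MIN_HOSTS = 50                 # how widely the traffic must be spread


def sample_flows():
    """Constructed one-minute flow summary: (udp_src_port, dst_ip, bps)."""
    flows = []
    # Three /24s in which 200 hosts each receive 2 Mbps of DNS responses.
    for net in ("198.51.100.0/24", "203.0.113.0/24", "192.0.2.0/24"):
        hosts = list(ipaddress.ip_network(net).hosts())[:200]
        flows += [(53, str(h), 2_000_000) for h in hosts]
    # Ordinary traffic to two busy servers in another prefix.
    flows += [(53, "198.18.0.10", 40_000_000), (443, "198.18.0.11", 80_000_000)]
    return flows


def per_ip_alerts(flows, limit=PER_IP_BPS):
    """Destinations whose total inbound rate exceeds the per-IP limit."""
    totals = defaultdict(int)
    for _port, dst, bps in flows:
        totals[dst] += bps
    return sorted(ip for ip, bps in totals.items() if bps > limit)


def prefix_alerts(flows, limit=PER_PREFIX_BPS, min_hosts=MIN_HOSTS):
    """Sum DNS-response traffic per destination /24 and count hosts touched."""
    bps_by_net, hosts_by_net = defaultdict(int), defaultdict(set)
    for port, dst, bps in flows:
        if port != 53:          # only responses arriving from UDP source port 53
            continue
        net = ipaddress.ip_network(f"{dst}/24", strict=False)
        bps_by_net[net] += bps
        hosts_by_net[net].add(dst)
    return {str(n): (bps_by_net[n], len(hosts_by_net[n]))
            for n in bps_by_net
            if bps_by_net[n] > limit and len(hosts_by_net[n]) >= min_hosts}


if __name__ == "__main__":
    flows = sample_flows()
    print("per-IP alerts:", per_ip_alerts(flows))
    for net, (bps, hosts) in sorted(prefix_alerts(flows).items()):
        print(f"{net}: {bps / 1e6:.0f} Mbps of DNS responses across {hosts} hosts")
```

On the constructed data no single address crosses the per-IP limit, while each of the three /24s carries 400 Mbps spread over 200 hosts and is flagged by the prefix-level check.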
Other report findings show:
- China advanced its lead of global attack origins, contributing more than 23 percent of worldwide campaigns
- 15 percent of attacks originated in the United States
- Simple Service Discovery Protocol (SSDP) amplification attacks rose 639.8 percent over Q2 2018, a result of the new pattern targeting CSPs
Nexusguard's quarterly DDoS threat research measures attack data from botnet scanning, honeypots, internet service providers (ISPs) and traffic moving between attackers and their targets to help companies identify vulnerabilities and stay informed about global cyber security trends. Read the full "Q3 2018 Threat Report" for more details.
About Nexusguard
Founded in 2008, Nexusguard is a leading cloud-based distributed denial of service (DDoS) security solution provider fighting malicious internet attacks. Nexusguard ensures uninterrupted internet service, visibility, optimization and performance. Nexusguard is focused on developing and providing the best cybersecurity solution for every client across a range of industries with specific business and technical requirements. Nexusguard also enables communication service providers to deliver DDoS protection solution as a service. Nexusguard delivers on its promise to provide you with peace of mind by countering threats and ensuring maximum uptime. Visit www.nexusguard.com for more information.