Enterprise networks and communications service providers (CSPs) need advance attack mitigation as DNS patch adoption creates new threats
SAN FRANCISCO,UNITED STATES - Media OutReach - 16 September 2019 - DNSamplification attacks swelled in the second quarter of this year, with theamplified attacks spiking more than 1,000% compared with Q2 2018, according toNexusguard's "Q2 2019 Threat Report." Nexusguard researchers attributedDomain Name System Security Extensions (DNSSEC) with fueling the new wave ofDNS amplification attacks, which accounted for more than 65% of the attackslast quarter according to the team's evaluation of thousands of worldwide DDoSattacks. DNSSEC was designed to protect applications from using forged ormanipulated DNS data, and its growing adoption suggests that DNS amplificationrisks won't disappear for service providers or enterprise networks anytimesoon.
According to the quarterly report,Paypal.com and multiple government domains fell victim to rampant DNS abuses,likely due to many of these domains deploying DNSSEC to the top-level .govdomain, as required by the U.S. government's mandate from the Office ofManagement and Budget. When blocking DNS amplification attacks, it's notrealistic to drop all DNS associated traffic, since users rely on DNS servicesto access the Internet, and the tactic could deny service to paying customers.Nexusguard researchers warn that service providers must ensure their attackmitigation technology is advanced enough to ensure server availability tolegitimate end users, to ensure their access doesn't become collateral damage.
"Although the adoption of DNSSEC isgaining wider acceptance as the patch for fixing DNS cache poisoning, it is nowcausing a new set of problems for organizations and service providers," saidJuniman Kasman, chief technology officer for Nexusguard. "Due to the long responsesthey generate, attackers often abuse DNSSEC to launch amplification attacksthat clog victim networks and hosts, which will remain a significant threat inthe future."
Nexusguard findings also confirm that"bit and piece" attacks continued to spread this quarter, adopted for attacksacross Europe, North America and Africa. Mobile devices also continued to contributeto DDoS attacks, which primarily originated from iOS mobile devices in additionto botnet-hijacked Windows machines. Nexusguard's quarterly DDoS threatresearch gathers attack data from botnet scanning, honeypots, CSPs and trafficmoving between attackers and their targets to help companies identifyvulnerabilities and stay informed about global cyber security trends. Read thefull "Q2 2019 Threat Report" for more details.
About Nexusguard
Foundedin 2008, Nexusguard is a leading cloud-based distributed denial of service(DDoS) security solution provider fighting malicious internet attacks.Nexusguard ensures uninterrupted internet service, visibility, optimization andperformance. Nexusguard is focused on developing and providing the bestcybersecurity solution for every client across a range of industries withspecific business and technical requirements. Nexusguard also enablescommunication service providers to deliver DDoS protection solution as aservice. Nexusguard delivers on its promise to provide you with peace of mindby countering threats and ensuring maximum uptime. Visit www.nexusguard.com for more information.