- DDoS attacks in 2018 have increased by 16%, Akamai researchers have found.
- Record-breaking 1.35 Tbps DDoS attack observed in 2018.
- Attackers using new traffic-generating techniques to enhance attacks.
Over the past year, cyberthreats have significantly evolved as cybercriminals continue to incorporate new methods and techniques. Although 2018 has been the year of cryptomining so far, as well as ransomware, enterprises have also been hit with numerous DDoS attacks.
In their recently published Summer 2018 State of the Internet Security report, security researchers at Akamai state that DDoS attacks have risen by 16% in 2018 as cybercriminals continue to employ new techniques to enhance these attacks. What is more, cybercriminals continue to launch new attacks leveraging new variants of the prolific Mirai botnet.
Record-breaking DDoS attacks
2018 saw a software development company hit with a record-breaking 1.35 Tbps DDoS attack. The attack also saw hackers leverage memcached servers for the first time ever.
“Luckily, attacks using memcached faded nearly as quickly as they rose. As more attackers incorporated this reflector into their tools, there was less attack bandwidth available for each,” Akamai researchers said in a report. “Clean-up efforts by administrators also had a powerful impact on reducing the attacks, as they strongly curtailed the number of available memcached servers. Many organizations responded quickly to this threat and protected the servers on their networks.”
New emerging DDoS trends
Most DDoS attacks rely on a high volume of traffic to clog up the targeted site’s pipes. However, these volumetric attacks do not require the attackers to possess any specialized skills.
According to Akamai researchers, hackers are now also incorporating new traffic-generating techniques and other methods when launching DDoS attacks. This hints at an evolving attack vector.
“A small number of attacks show new or unusual variations in attack patterns. This might be the use of a seldom seen protocol, a new method of generating traffic, or perhaps hidden messages in the body of each packet. These attacks aren’t necessarily more effective, but their novelty can sometimes give them an outsized impact,” Akamai researchers noted.
In one particular instance, hackers hit the targeted corporation’s DNS server, instead of its official website. Although most DDoS attacks hit the targeted organizations’ websites, this usually adds a time constraint for the attackers. However, when hackers target a DNS server, it becomes highly challenging for victims to identify the attacked servers on the internet.
“This type of attack is much harder to defend against, as legitimate traffic has to be carefully filtered from attack traffic in order to avoid dropping real customer requests,” Akamai researchers said.
Mitigation efforts must evolve too
2018 also saw law enforcement officials shut down one of the most popular DDoS-for-hire sites. Operation Power Off - a collaborative effort between Europol, the Dutch police and the UK’s National Crime Agency (NCA) - shut down the webstresser.org site and resulted in the arrest of the site’s administrator on April 24.
The operation was launched after law enforcement authorities figured out how DDoS-for-hire services acted as efficient enablers for even low-level hackers. To stay safe, both government and private organizations must adapt their mitigation efforts to match the evolving nature of DDoS attacks.