With assistance from the U.K.’s National Crime Agency, the Dutch national police and several tech companies, the FBI has seized the domains of 15 high-profile distributed denial-of-service (DDoS) websites.
Several seizure warrants granted by a California federal judge went into effect Thursday, taking several of these “booter” or “stresser” sites off the internet “as part of coordinated law enforcement action taken against illegal DDoS-for-hire services.” The orders were granted under federal seizure laws, and the domains were replaced with a federal notice. Prosecutors have charged three men in the U.S. with operating the sites, according to affidavits filed in three U.S. federal courts.
Read more about the law enforcement operation on TechCrunch.
RFC 7252, also known as the Constrained Application Protocol (CoAP), is about to become one of the most abused protocols in terms of DDoS attacks. If readers don’t recognize the name of this protocol, that’s because it’s new: it was formally approved only recently, in 2014, and was largely unused until this year.
CoAP was designed as a lightweight machine-to-machine (M2M) protocol that can run on smart devices where memory and computing resources are scarce. CoAP is inherently susceptible to IP address spoofing and packet amplification, the two major factors that make DDoS amplification possible.
Read more about CoAP and how it may be abused in DDoS attacks on ZDNet.
Several of Cambodia’s biggest internet service providers (ISPs) have been hit by large-scale DDoS attacks over the last few days. Users of EZECOM, SINET, Telcotech, and Digi have confirmed difficulties in accessing online services all week, with the biggest problems being reported on Monday and Tuesday.
Local news outlets have called the DDoS attacks some of the biggest in the country’s history. According to sources familiar with the matter, DDoS attacks totaling nearly 150Gbps hit Cambodian ISPs on Monday. The downtime caused by the attacks has lasted for as much as half a day, and internet access speeds have been slow all week, as smaller-sized DDoS attacks have continued to hit ISPs.
Read more about the DDoS attacks on Cambodian ISPs on ZDNet.
Most organisations are aware that they could be the target of a DDoS attack and have deployed protection to keep their public-facing services online in the face of such attacks. However, far fewer have thought about the potential for their servers to be harnessed for use in a botnet that conducts DDoS attacks.
Up until a few months ago, attackers typically only used well-known infrastructure services, like DNS resolution servers, to launch and amplify DDoS attacks, but Memcached – a popular database caching system – changed that. Malicious hackers have begun abusing Memcached to deliver attacks that are amplified to over 50,000 times their original size.
Read more about why any organisation running Memcached to speed up its systems is a potential botnet recruit on Information Security Buzz.
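The CoAP and Memcached items above both describe UDP services that answer a small request with a much larger response sent to a spoofed source address. As an added example that is not part of any of the articles summarised here, this Python snippet scans flow records for servers in your own address space whose outbound bytes on those service ports dwarf the bytes that came in, which is the signature of a host being used as a reflector; the record format, addresses, sizes and ratio threshold are all constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass

# UDP services named in the roundup as amplification vectors, keyed by their
# standard port (IANA assignments, not values taken from the articles).
AMPLIFIER_PORTS = {53: "DNS", 11211: "memcached", 5683: "CoAP"}

@dataclass
class Flow:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    nbytes: int

def parse_flow(line: str) -> Flow:
    """Parse one constructed record: 'proto src:sport > dst:dport bytes=N'."""
    proto, src, _, dst, size = line.split()
    s_ip, s_port = src.rsplit(":", 1)
    d_ip, d_port = dst.rsplit(":", 1)
    return Flow(s_ip, int(s_port), d_ip, int(d_port), proto, int(size.split("=")[1]))

def find_reflectors(lines, min_ratio=10.0, min_bytes_out=1000):
    """Return {(server_ip, port): bytes_out / bytes_in} for UDP services whose
    responses are at least min_ratio times larger than the requests they got."""
    bytes_in = defaultdict(int)
    bytes_out = defaultdict(int)
    for line in lines:
        f = parse_flow(line)
        if f.proto != "udp":
            continue                                 # reflection here is UDP-only
        if f.dport in AMPLIFIER_PORTS:               # request arriving at our service
            bytes_in[(f.dst, f.dport)] += f.nbytes
        elif f.sport in AMPLIFIER_PORTS:             # response leaving our service
            bytes_out[(f.src, f.sport)] += f.nbytes
    suspects = {}
    for key, sent in bytes_out.items():
        recv = bytes_in.get(key, 0)
        ratio = sent / recv if recv else float("inf")  # replies with no request seen
        if sent >= min_bytes_out and ratio >= min_ratio:
            suspects[key] = ratio
    return suspects

# Constructed sample: one tiny memcached request answered with a huge reply to a
# (spoofed) victim, one ordinary DNS exchange, and one unrelated TCP flow.
SAMPLE_FLOWS = [
    "udp 203.0.113.9:40000 > 198.51.100.5:11211 bytes=60",
    "udp 198.51.100.5:11211 > 203.0.113.9:40000 bytes=1400000",
    "udp 192.0.2.7:55000 > 198.51.100.5:53 bytes=80",
    "udp 198.51.100.5:53 > 192.0.2.7:55000 bytes=120",
    "tcp 192.0.2.8:44000 > 198.51.100.5:443 bytes=5000",
]
```

Run `find_reflectors(SAMPLE_FLOWS)` and only the memcached service is flagged; the DNS exchange stays under the ratio threshold.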
Infinite Campus, one of the largest student information management systems used by schools in America, is coping with the latest in a string of Distributed Denial-of-Service (DDoS) attacks.
Over the last week, Infinite Campus has borne the brunt of a DDoS attack which has prevented parents from using the portal — and this has not been the first time the firm has been targeted. In a statement, the company said the latest DDoS attack’s “volume is 50 times greater and the duration is already 100 times longer than anything we’ve experienced before.”
Read more about the latest DDoS wave targeting Infinite Campus on ZDNet.
According to IDC Research’s recent US DDoS Prevention Survey, more than 50% of IT security decision makers said that their organization had been the victim of a distributed denial-of-service (DDoS) attack as many as 10 times in the past year.
Among organizations that experienced an attack, more than 40% of attacks lasted longer than 10 hours. This statistic correlates with ATLAS findings, which show there were 7.5 million DDoS attacks in 2017 — a rate, says Cisco, that is increasing at roughly the same rate as Internet traffic.
Read more about why DDoS attacks are on the rise on DarkReading.
Botnets act as a force multiplier for individual attackers, cyber-criminal groups and nation-states looking to disrupt or break into their targets’ systems. By definition, they are a collection of internet-connected devices of any type that an attacker has compromised. Commonly used in distributed denial of service (DDoS) attacks, botnets can also send large volumes of spam, steal credentials at scale, or spy on people and organizations.
Malicious actors build botnets by infecting connected devices with malware and then managing them using a command and control server. Once an attacker has compromised a device on a specific network, all the vulnerable devices on that network are at risk of being infected.
Read more about botnets and why they are a persistent threat, on CSO.
DDoS attack volumes have increased by 50% to an average of 3.3 Gbps during May, June and July 2018, compared to 2.2 Gbps during the previous quarter, according to Link11. Attacks are also becoming increasingly complex, with 46% of incidents using two or more vectors.
While attack volumes increased, researchers recorded a 36% decrease in the overall number of attacks. There was a total of 9,325 attacks during the quarter: an average of 102 attacks per day. While the number of attacks decreased overall, both the scale and complexity of the attacks increased.
A malware author has built a huge botnet made up of over 18,000 routers in the span of only one day. This new botnet has been spotted by security researchers from NewSky Security, and their findings have been confirmed by Qihoo 360 Netlab, Rapid7, and Greynoise.
The botnet has been built by exploiting a vulnerability in Huawei HG532 routers, tracked as CVE-2017-17215. Scans for this vulnerability, which can be exploited via port 37215, started on July 18, according to data collected by Netlab’s NetScan system.
Read more about how one threat actor was able to build a huge DDoS botnet in less than a day, which shows the sad state of SOHO router security, on BleepingComputer.
DDoS attacks don’t arrive on little cat feet; they announce their presence with the subtlety of a shovel to the face. Two just-released reports show that these loud DDoS attacks are getting louder, larger, and more numerous with the passage of time.
Verisign released its Q1 2018 DDoS Trends Report and Akamai published its State of the Internet/Security Summer 2018 report and neither was filled with good news if your job is defending a company or network against DDoS attacks. Together, the two reports paint a detailed and disturbing picture of the way DDoS attacks are evolving to be both more common and more dangerous.
Read more about the findings of the two reports on DDoS trends on DarkReading.