Several of Cambodia’s biggest internet service providers (ISPs) have been hit by large-scale DDoS attacks over the last few days. Users of EZECOM, SINET, Telcotech, and Digi have confirmed difficulties in accessing online services all week, with the biggest problems being reported on Monday and Tuesday.
Local news outlets have called the DDoS attacks some of the biggest in the country’s history. According to sources familiar with the matter, DDoS attacks totaling nearly 150 Gbps hit Cambodian ISPs on Monday. The downtime caused by the attacks has lasted for as much as half a day, and internet access speeds have been slow all week, as smaller DDoS attacks have continued to hit ISPs.
Read more about the DDoS attacks on Cambodian ISPs on ZDNet.
Most organisations are aware that they could be the target of a DDoS attack and have deployed protection to keep their public-facing services online in the face of such attacks. However, far fewer have thought about the potential for their servers to be harnessed for use in a botnet that conducts DDoS attacks.
Up until a few months ago, attackers typically only used well-known infrastructure services, like DNS resolution servers, to launch and amplify DDoS attacks, but Memcached – a popular database caching system – changed that. Malicious hackers have begun abusing Memcached to deliver attacks that are amplified to over 50,000 times their original size.
Read more about why any organisation running Memcached to speed up their systems is a potential botnet recruit on Information Security Buzz.
Infinite Campus, one of the largest student information management systems used by schools in America, is coping with the latest in a string of Distributed Denial-of-Service (DDoS) attacks.
Over the last week, Infinite Campus has borne the brunt of a DDoS attack which has prevented parents from using the portal — and this has not been the first time the firm has been targeted. In a statement, the company said the latest DDoS attack’s “volume is 50 times greater and the duration is already 100 times longer than anything we’ve experienced before.”
Read more about the latest DDoS wave targeting Infinite Campus on ZDNet.
According to IDC Research’s recent US DDoS Prevention Survey, more than 50% of IT security decision makers said that their organization had been the victim of a distributed denial-of-service (DDoS) attack as many as 10 times in the past year.
For those who experienced an attack, more than 40% lasted longer than 10 hours. This statistic correlates with ATLAS findings, which show there were 7.5 million DDoS attacks in 2017 — a rate, says Cisco, that is increasing at roughly the same rate as Internet traffic.
Read more about why DDoS attacks are on the rise on DarkReading.
Botnets act as a force multiplier for individual attackers, cyber-criminal groups and nation-states looking to disrupt or break into their targets’ systems. By definition, they are a collection of any type of internet-connected device that an attacker has compromised. Commonly used in distributed denial of service (DDoS) attacks, botnets can also send large volumes of spam, steal credentials at scale, or spy on people and organizations.
Malicious actors build botnets by infecting connected devices with malware and then managing them using a command and control server. Once an attacker has compromised a device on a specific network, all the vulnerable devices on that network are at risk of being infected.
Read more about botnets and why they are a persistent threat, on CSO.
DDoS attack volumes have increased by 50% to an average of 3.3 Gbps during May, June and July 2018, compared to 2.2 Gbps during the previous quarter, according to Link11. Attacks are also becoming increasingly complex, with 46% of incidents using two or more vectors.
While attack volumes increased, researchers recorded a 36% decrease in the overall number of attacks. There was a total of 9,325 attacks during the quarter: an average of 102 attacks per day. While the number of attacks decreased overall, both the scale and complexity of the attacks increased.
A malware author has built a huge botnet comprising over 18,000 routers in the span of only one day. This new botnet has been spotted by security researchers from NewSky Security, and their findings have been confirmed by Qihoo 360 Netlab, Rapid7, and Greynoise.
The botnet has been built by exploiting a vulnerability in Huawei HG532 routers, tracked as CVE-2017-17215. Scans for this vulnerability, which can be exploited via port 37215, started on July 18, according to data collected by Netlab’s NetScan system.
Read more about how one threat actor was able to build a huge DDoS botnet in less than a day, which shows the real sad state of SOHO router security, on BleepingComputer.
DDoS attacks don’t arrive on little cat feet; they announce their presence with the subtlety of a shovel to the face. Two just-released reports show that these loud DDoS attacks are getting louder, larger, and more numerous with the passage of time.
Verisign released its Q1 2018 DDoS Trends Report and Akamai published its State of the Internet/Security Summer 2018 report, and neither was filled with good news if your job is defending a company or network against DDoS attacks. Together, the two reports paint a detailed and disturbing picture of the way DDoS attacks are evolving to be both more common and more dangerous.
Read more about the findings of the two reports on DDoS trends on DarkReading.
Cyber defenders need to stay on their toes, as DDoS attacks are still on the rise. According to Akamai Technologies’ Summer 2018 State of the Internet/Security: Web Attack report, the number of recorded DDoS attacks increased 16 percent since last year, and attackers are devising new and advanced DDoS methods.
Since last year, there has been a 4 percent increase in reflection-based DDoS attacks, a 38 percent increase in application-layer attacks like SQL injection or cross-site scripting, and a 1.35 terabyte per second memcached reflector attack – the largest DDoS attack to hit the internet yet.
Read more about the disconcerting findings of the new report by Akamai Technologies on CSO.
Record-breaking distributed denial-of-service (DDoS) attacks are on a tear this year, and new data shows that DNS amplification attacks have jumped 700% worldwide since 2016.
In the first quarter of 2018, some 55 DNS amplification attacks employed Memcached servers, according to Nexusguard’s first quarter data. Memcached servers this year became the new darling of botnet operators looking for a way to jack up their DDoS attacks. Memcached is an open source software program used to increase server performance; it caches data in system memory, and was designed for internal networks.
Read more about the disconcerting findings of the latest DDoS report by Nexusguard on DarkReading.