Monday, March 2, 2020

Understanding DDoS Attacks

While the volume of DDoS attacks has wavered over time, they are still a significant threat. Kaspersky Labs reports that the number of DDoS attacks for Q2 2019 increased by 32% over Q3 2018, primarily due to a spike in attacks in September.

Recently discovered botnets like Torii and DemonBot capable of launching DDoS attacks are a concern, according to Kaspersky. Torii is capable of taking over a range of IoT devices and is considered more persistent and dangerous than Mirai. DemonBot hijacks Hadoop clusters, which gives it access to more computing power.

UDP flood. This volumetric and protocol attack attempts to abuse the normal behavior of UDP, a “connectionless” protocol that has no handshake mechanism like TCP’s, described above. As such, it does not create a session and cannot verify the sender’s IP address. The attacker sends a huge number of UDP packets with spoofed (forged) IP addresses to numerous ports on the victim’s server. The server, trying (and failing) to find applications associated with the requested ports, is soon overwhelmed, at which point it can no longer respond to any requests, including legitimate ones. One advantage of this attack is that UDP makes it easy for attackers to hide their identity by spoofing the source IP address.
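The traffic pattern described above can be spotted from the defender's side. The following is an added example, not code from the original post: it groups UDP flow records per destination and time window and flags windows with many packets, many distinct destination ports, many distinct sources, and mostly ports with no listening application. The record layout, the sample addresses and all thresholds are assumptions made for illustration.

```python
from collections import defaultdict

def make_sample():
    """Constructed flow records: (epoch_sec, src_ip, dst_ip, dst_port, port_open)."""
    records = []
    # Normal DNS traffic: a few clients, one port with a listener.
    for i in range(40):
        records.append((1000 + i % 10, f"198.51.100.{i % 4 + 1}", "192.0.2.10", 53, True))
    # Flood pattern: many source addresses spraying ports that have no listener.
    for i in range(600):
        records.append((1000 + i % 10, f"203.0.113.{i % 250 + 1}", "192.0.2.20", 1024 + i, False))
    return records

def detect_udp_flood(records, window=10, min_packets=500, min_ports=100,
                     min_sources=100, min_closed_ratio=0.8):
    """Return {(dst_ip, window_start): stats} for windows that match the pattern.

    All thresholds are illustrative assumptions and need tuning per network.
    """
    buckets = defaultdict(lambda: {"packets": 0, "closed": 0, "ports": set(), "sources": set()})
    for ts, src, dst, port, port_open in records:
        b = buckets[(dst, ts - ts % window)]
        b["packets"] += 1
        b["closed"] += 0 if port_open else 1  # closed port => server work with no application
        b["ports"].add(port)
        b["sources"].add(src)

    alerts = {}
    for key, b in buckets.items():
        closed_ratio = b["closed"] / b["packets"]
        if (b["packets"] >= min_packets and len(b["ports"]) >= min_ports
                and len(b["sources"]) >= min_sources and closed_ratio >= min_closed_ratio):
            alerts[key] = {"packets": b["packets"], "ports": len(b["ports"]),
                           "sources": len(b["sources"]), "closed_ratio": closed_ratio}
    return alerts

if __name__ == "__main__":
    for (dst, start), stats in detect_udp_flood(make_sample()).items():
        print(f"possible UDP flood against {dst} in window starting {start}: {stats}")
```

Because the source addresses in such a flood are spoofed, the source count serves only as a signal of spread, not as a list of hosts to block.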

Another alarming trend is the availability of new DDoS launch platforms like 0x-booter. This DDoS-as-a-service platform leverages about 16,000 IoT devices infected with the Bushido malware, a Mirai variant.
