Akamai discovers new DDoS threats, issues medium risk level

07 Jun 2016

Akamai's Security Intelligence Response team has discovered a vulnerability that can be abused for DDoS attacks.

The DDoS amplification attack takes advantage of TFTP (Trivial File Transfer Protocol), which is used to install operating systems across a network in what are often called 'headless installations'.

These installations are typically LAN-based rather than internet-based. TFTP is used to deliver software updates and OS configurations to devices when they are first set up on the network. However, a minority of these LAN servers are accessible from the internet, and this has been the starting point for the attacks.

The start of the attacks also coincided with the release of research about TFTP by Edinburgh Napier University. As of April 20, 2016, Akamai had 'mitigated' ten attacks that used TFTP in the same way.

Akamai says the attacks were multi-vector attacks that included TFTP reflection, which may mean at least one site is using DDoS as a service.

Akamai says that TFTP alone has produced an attack of 1.2Gbps, but multi-vector attacks have produced attacks at 44Gbps. Akamai says that the attacks are small and originate from Asia as well as Europe. The TFTP attacks are also limited because they can only deliver files to a small number of hosts at any one time.

Attacks may include 'out of memory' signatures, which Akamai says alludes to "TFTP servers not being able to handle the rapid fire queries sent by the TFTP flood attack tool".

Akamai advises threat prevention and mitigation. TFTP server hosts should analyse whether UDP port 69 should have access to the internet. If it is necessary, use firewalls and allow only trusted access. Use SNORT or another IDS to detect network server abuse.
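
One way to spot the server abuse described above in a TFTP host's own traffic, as an added example (not Akamai's code and not a SNORT rule): it parses TFTP read requests as defined in RFC 1350 and flags any source address sending a burst of them to UDP port 69. The window, threshold, function names and sample packets are assumptions constructed for illustration.

```python
import struct
from collections import defaultdict

TFTP_PORT = 69
OP_RRQ = 1  # read-request opcode (RFC 1350)

def parse_rrq(payload):
    """Return (filename, mode) for a well-formed TFTP read request, else None."""
    if len(payload) < 4:
        return None
    (opcode,) = struct.unpack("!H", payload[:2])
    if opcode != OP_RRQ:
        return None
    # Body is filename NUL mode NUL; option strings may follow the mode.
    parts = payload[2:].split(b"\x00")
    if len(parts) < 3 or not parts[0] or not parts[1]:
        return None
    return parts[0].decode("ascii", "replace"), parts[1].decode("ascii", "replace").lower()

def flag_rrq_floods(packets, window=10.0, threshold=20):
    """packets: (timestamp, src_ip, dst_port, udp_payload) tuples sorted by time.
    Returns {src_ip: peak read requests seen within `window` seconds} for
    sources that reach `threshold` (both values are illustrative assumptions)."""
    recent = defaultdict(list)
    peaks = {}
    for ts, src, dport, payload in packets:
        if dport != TFTP_PORT or parse_rrq(payload) is None:
            continue
        times = recent[src]
        times.append(ts)
        while ts - times[0] > window:  # drop requests older than the window
            times.pop(0)
        if len(times) >= threshold:
            peaks[src] = max(peaks.get(src, 0), len(times))
    return peaks

def rrq(name):
    """Build a read request for the constructed sample below."""
    return struct.pack("!H", OP_RRQ) + name + b"\x00octet\x00"

# Constructed sample traffic (documentation address ranges, made-up file names):
# one source bursts 50 requests in 5 s, one client makes 2 normal requests,
# and one packet is a TFTP ACK (opcode 4) that must be ignored.
SAMPLE = sorted(
    [(i * 0.1, "198.51.100.7", 69, rrq(b"pxelinux.0")) for i in range(50)]
    + [(1.0, "192.0.2.10", 69, rrq(b"boot.cfg")), (30.0, "192.0.2.10", 69, rrq(b"boot.cfg"))]
    + [(2.0, "192.0.2.11", 69, b"\x00\x04\x00\x01")],
    key=lambda p: p[0],
)

if __name__ == "__main__":
    print(flag_rrq_floods(SAMPLE))
```

In a reflection attack the flagged source address is the spoofed target rather than the real sender, so a hit here means the server is being used against that address.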

More details about the attack will be in Akamai's State of the Internet report, due to be released in early June.
