
Akamai discovers new DDoS threats, issues medium risk level

07 Jun 2016

A potentially malicious DDoS vulnerability has been discovered by Akamai's Security Intelligence Response team.

The DDoS amplification attack takes advantage of TFTP (Trivial File Transfer Protocol), a method of installing operating systems across a network in a specialised carrier, a process often called 'headless installation'.

These installations are typically LAN-based rather than internet-based. TFTP is used to deliver software updates and OS configurations to devices when they are first set up on the network. However, a minority of these LAN servers have access to the internet, and this has been the starting point for the attacks.

The attack start time also coincided with the release of research about TFTP done by Edinburgh Napier University. As of April 20, 2016, Akamai had 'mitigated' ten attacks that had been used in the same way.

Akamai says the attacks were multi-vector attacks that included TFTP reflection, which may mean at least one site is using DDoS as a service.

Akamai says that TFTP alone has produced an attack of 1.2Gbps, but multi-vector attacks have produced attacks at 44Gbps.

Akamai says that the attacks are small and originate from Asia as well as Europe. The TFTP attacks are also limited because they can only deliver files to a small number of hosts at any one time.

Attacks may include 'out of memory' signatures, which Akamai says alludes to "TFTP servers not being able to handle the rapid fire queries sent by the TFTP flood attack tool".

Akamai advises threat prevention and mitigation. TFTP server hosts should analyse whether UDP port 69 should have access to the internet. If it is necessary, use firewalls and allow only trusted access. Use SNORT or another IDS to detect network server abuse.
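
As an added illustration of the IDS check recommended above (example code written for this page, not Akamai's or Snort's), the sketch below parses TFTP read requests on UDP port 69 and flags requests from outside a trusted network and rapid-fire bursts from a single source. The trusted range, the thresholds, the helper names and the sample traffic are all assumptions constructed for the example.

```python
import struct
from collections import defaultdict
from ipaddress import ip_address, ip_network

TFTP_PORT = 69
TRUSTED_NETS = [ip_network("10.0.0.0/8")]  # assumption: the provisioning LAN
MAX_RRQ = 5        # assumption: read requests tolerated per source...
WINDOW_MS = 1000   # ...within this sliding window

def parse_rrq(payload: bytes):
    """Return (filename, mode) for a TFTP read request (RFC 1350 opcode 1), else None."""
    if len(payload) < 4 or struct.unpack("!H", payload[:2])[0] != 1:
        return None
    fields = payload[2:].split(b"\x00")
    if len(fields) < 3 or not fields[0] or not fields[1]:
        return None
    return fields[0].decode("ascii", "replace"), fields[1].decode("ascii", "replace").lower()

def detect(events):
    """events: (ts_ms, src_ip, dst_port, udp_payload) tuples in time order.
    Returns {(src_ip, reason): ts_ms of first occurrence}."""
    alerts, recent = {}, defaultdict(list)
    for ts, src, dport, payload in events:
        if dport != TFTP_PORT or parse_rrq(payload) is None:
            continue
        # Requests from outside the trusted LAN mean UDP/69 is reachable from the internet.
        if not any(ip_address(src) in net for net in TRUSTED_NETS):
            alerts.setdefault((src, "untrusted-source"), ts)
        # Rapid-fire requests "from" one address: in a reflection flood that
        # address is the spoofed victim, so it is the one receiving the replies.
        recent[src] = [t for t in recent[src] if ts - t < WINDOW_MS] + [ts]
        if len(recent[src]) > MAX_RRQ:
            alerts.setdefault((src, "rrq-flood"), ts)
    return alerts

def rrq(name: str) -> bytes:
    """Build a constructed RRQ payload: opcode 1, filename, NUL, mode, NUL."""
    return struct.pack("!H", 1) + name.encode("ascii") + b"\x00octet\x00"

# Constructed sample traffic: one LAN boot request, then a burst from a documentation address.
SAMPLE = [(0, "10.1.2.3", 69, rrq("pxelinux.0"))] + [
    (1000 + i * 50, "203.0.113.7", 69, rrq("a.bin")) for i in range(8)
]

if __name__ == "__main__":
    for (src, reason), ts in detect(SAMPLE).items():
        print(ts, src, reason)
```
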

More details about the attack will be in Akamai's State of the Internet report, due to be released in early June.
