sb-au logo
Story image

Largest DDoS-for-hire websites responsible for 11% of attacks worldwide – Nexusguard

26 Mar 2019

The Nexusguard Q4 2018 Threat Report has revealed that the FBI's shutdown of the 15 largest distributed denial-of-service (DDoS) for hire vendors (‘booters’) reduced the overall number of attacks worldwide by nearly 11% compared to the same period last year.

Along with the fewer total attacks, the average size decreased by 85% as did the maximum attack size by 24%, indicating the FBI crackdown was effective in reducing the global impact of DDoS attacks.

However, the managed DDoS mitigation service provider believes that booter websites are poised to make a comeback despite the crackdown due to growing botnets and incessant demand for DDoS-for-hire services.

The quarterly report, which measures thousands of DDoS attacks around the world, showed that DDoS-for-hire websites represent the legal loopholes from website and network ownership, as well as IoT devices and rapidly changing infrastructure that allows hackers to exploit vulnerabilities before owners or manufacturers can thwart them.

These booters were alleged to have been responsible for generating more than 200,000 DDoS attacks since 2014.

Despite the effective crackdown by federal law enforcement on these sites in December 2018, Nexusguard researchers warn that organisations should remain vigilant as other booter services may rise to take their place and attack volume will revive.

"Seizing command-and-control servers, booters and other resources has been a big part of the FBI's fight against cybercrime, but this shutdown only scratches the surface of a global problem," says Nexusguard chief technology officer Juniman Kasman.

"While booters are visible targets, businesses must also manage the vulnerabilities that stem from unpatched hardware and software, human error and new attack methods, especially as the footprint of IoT expands."

More than 90% of DDoS attacks rated smaller than one Gbps in size.

"Bit-and-piece" attacks continued from last quarter into Q4, employed in many campaigns regardless of the vector utilised.

Bit-and-piece attacks beat detection thresholds in that the targeted IP address receives only a small number of responses in each organised campaign, leaving little or no trace.

Black-holing all traffic to an entire IP prefix is a costly approach, due to the tactic blocking access to various legitimate services.

Other report findings include:

  • HTTPS attacks ranked third highest in attack popularity, compared to user datagram protocol (UDP) and simple service discovery protocol (SSDP) attacks.
  • An unusual pattern of frequently repeated HTTPS attacks was observed against one customer, occurring nearly every day in December and up to 13 times in one day, demonstrating the attacker's commitment to disrupting the target's network for all of December, the busiest time of year for retail and entertainment businesses
  • Attack durations increased more than 175% to more than 450 minutes on average compared to last year.
  • Attacks in the quarter were routinely targeted to occur during peak service hours for maximum disruption.
  • China held its lead as source of DDoS attacks, with 23% of attacks originating in the country and 18% originating in the United States.

Nexusguard's quarterly DDoS threat research measures attack data from botnet scanning, honeypots, communications service providers (CSPs) and traffic moving between attackers and their targets to help companies identify vulnerabilities and stay informed about global cyber security trends.

Story image
Proofpoint enhances security awareness training platform
Available in Q4 2020, the platform will integrate more closely with Proofpoint’s best-in-class threat intelligence.More
Story image
Netlinkz revenue surges 846% as secure enterprise cloud technology gains traction
Executive chairman James Tsiolis believes this growth is the start of something much bigger.More
Story image
High-tech heist: why fending off ransomware attacks is more challenging than ever in 2020
The COVID-19 crisis has unleashed a wave of sophisticated and disruptive ransomware attacks, and the onus is on businesses to ramp up their security measures if they’re to avoid falling victim, writes Attivo Networks regional director for A/NZ Jim Cook.More
Story image
Kaspersky finds red tape biggest barrier against cybersecurity initiatives
The most common obstacles that inhibit or delay the implementation of industrial cybersecurity projects include the inability to stop production (34%), and bureaucratic steps, such as a lengthy approval process (31%) and having too many decision-makers (23%). More
Story image
ESET launches the latest version of its Mobile Security solution
“With this latest version of ESET Mobile Security, we want to ensure our users feel completely secure when performing financial transactions on their devices, in addition to being protected from malware and phishing attempts."More
Story image
Exabeam and Code42 partner up to launch insider threat solution
The solution will give customers a fuller picture of their environment, and will leverage automated incident response to obstruct insider threat before data loss occurs.More