
A resurgence in DDoS Attacks amidst Global COVID-19 lockdowns


Findings of Link11's Security Operations Center (LSOC) show a 97% increase in the number of attacks in April, May, and June 2020 compared with the same period of the previous year, including a 108% increase in May 2020.

The report's data indicate that the frequency of DDoS attacks depends on the day of the week and the time of day, with most attacks concentrated on weekends and in the evenings.

More attacks were registered on Saturdays, and out of office hours on weekdays. 

Marc Wilczek, COO, Link11 says, “The pandemic has forced organizations to accelerate their digital transformation plans, but has also increased the attack surface for hackers and criminals – and they are looking to take full advantage of this opportunity by taking critical systems offline to cause maximum disruption. This ‘new normal’ will continue to represent a major security risk for many companies, and there is still a lot of work to do to secure networks and systems against the volume attacks. Organizations need to invest in security solutions based on automation, AI, and Machine Learning that are designed to tackle multi-vector attacks and networked security mechanisms...” 


Key findings from the annual report include: 

Multivector attacks on the rise: 52% of attacks combined several attack vectors, making them harder to defend against. One attack used at least 14 techniques.

The growing number of reflection amplification vectors: the most commonly used vectors were DNS, CLDAP, and NTP, while WS-Discovery and Apple Remote Control are still being used after being discovered in 2019.

DDoS sources for reflection amplification attacks distributed around the globe: the top three source countries in H1 2020 were the USA, China, and Russia. However, an increasing number of attacks were traced back to France.

The average attack bandwidth remains high: the volume of DDoS attacks has stabilised at a relatively high level, averaging 4.1 Gbps. 80% of attacks were up to 5 Gbps. The largest DDoS attack was stopped at 406 Gbps.

DDoS attacks from the cloud: at 47%, the share of DDoS attacks originating from the cloud was higher than for the whole of 2019 (45%). Instances from every major provider were misused, but the most common were Microsoft Azure, AWS, and Google Cloud.

The longest DDoS attack lasted 1,390 minutes (about 23 hours), while interval attacks, which are delivered like small pinpricks and rely on repetition, lasted an average of 13 minutes.


BGP Hijacking Attacks Google, Amazon and Other Famous Networks' Traffic!


According to reports, a Russian state-owned telecommunications provider rerouted traffic intended for some of the world's most prominent Content Delivery Networks (CDNs) and cloud hosting providers.

The redirection lasted around an hour and affected over 8,500 internet traffic routes. The affected organizations are among the best known on the internet.

Per sources, the affected brands include well-known names such as Cloudflare, Digital Ocean, Linode, Google, Joyent, Facebook, LeaseWeb, Amazon, GoDaddy, and Hetzner.

Reportedly, all signs indicate that this was a case of Border Gateway Protocol hijacking, also known as BGP hijacking: the illegitimate takeover of IP prefixes by a hijacker in order to redirect traffic.

This puts a lot of power in the hands of the hijacker, because at any time they can "publish an announcement" stating that the servers of a particular company are on their network. As a result, all of that company's traffic (Amazon's, for example) would end up on the hijacker's servers.
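To make the defensive side of this concrete: an operator watching route announcements can compare each announced prefix's origin AS against a table of expected origins (the same idea RPKI route origin validation applies) and flag both origin mismatches and more-specific sub-prefix announcements from an unexpected AS. The following Python is an added illustration, not code from the original post or from any provider named in it; the prefixes, ASNs and announcements are constructed documentation values.

```python
import ipaddress

# Constructed table of expected origins, in the shape of a ROA list (not real data).
# Prefixes are RFC 5737 documentation ranges, ASNs are RFC 5398 documentation ASNs.
EXPECTED_ORIGINS = {
    "203.0.113.0/24": 64500,
    "198.51.100.0/24": 64501,
}

# Constructed sample of BGP announcements as (prefix, AS path); the last ASN is the origin.
SAMPLE_ANNOUNCEMENTS = [
    ("203.0.113.0/24", [64510, 64500]),         # legitimate: registered origin
    ("203.0.113.0/25", [64510, 64505, 64499]),  # more-specific sub-prefix, unexpected origin
    ("198.51.100.0/24", [64510, 64499]),        # exact prefix, wrong origin
    ("192.0.2.0/24", [64510, 64502]),           # not covered by the table at all
]

def check_announcement(prefix, as_path, expected=EXPECTED_ORIGINS):
    """Return a finding string, or None when the announcement is consistent with the table."""
    net = ipaddress.ip_network(prefix)
    origin = as_path[-1]
    # Exact entry: the origin must match the registered one.
    if prefix in expected:
        if expected[prefix] != origin:
            return (f"ORIGIN_MISMATCH {prefix} announced by AS{origin}, "
                    f"expected AS{expected[prefix]}")
        return None
    # No exact entry: a sub-prefix of a registered prefix from another AS is the classic
    # more-specific hijack, since routers prefer the longest matching prefix.
    for known, known_origin in expected.items():
        known_net = ipaddress.ip_network(known)
        if net.version == known_net.version and net.subnet_of(known_net):
            if known_origin != origin:
                return (f"MORE_SPECIFIC_HIJACK {prefix} inside {known} announced by "
                        f"AS{origin}, expected AS{known_origin}")
            return None
    return None  # nothing in the table covers this prefix, so there is nothing to compare

def scan(announcements, expected=EXPECTED_ORIGINS):
    """Run every announcement through the check and collect the findings in order."""
    findings = []
    for prefix, as_path in announcements:
        finding = check_announcement(prefix, as_path, expected)
        if finding:
            findings.append(finding)
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_ANNOUNCEMENTS):
        print(finding)
```

Real deployments would feed live BGP updates (for example from a route collector) into the same check and back the table with RPKI validated ROAs rather than a hand-written dictionary.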

In earlier times, when HTTPS (Hypertext Transfer Protocol Secure) wasn't as widely used to encrypt traffic, BGP hijacking was a lucrative way to carry out Man-in-the-Middle (MitM) attacks and capture and modify traffic.

But BGP hijacking remains dangerous today: captured encrypted traffic can be stored and analysed or decrypted later, once the encryption that protected it has weakened with time.

This problem is not new. It has troubled the internet for a couple of decades, and although several projects aim to strengthen BGP's security, there has been little progress in hardening the protocol against such attacks.

Google's network has previously been the victim of BGP hijacking by a Nigerian entity. Researchers note that a BGP hijack is not necessarily malicious.

Reportedly, mistyping an ASN (Autonomous System Number), the identifier by which networks on the internet are recognised, is another main cause of BGP hijacks, since it ends up redirecting traffic by accident.

Per sources, China Telecom is among the top entities that have committed BGP hijacking, not so "accidentally". Another well-known name on the same front is Rostelecom.

Rostelecom last drew significant attention when some of the largest financial players, including HSBC, Visa, and MasterCard, were victims of a BGP hijack.

Last time, BGPMon had little to say; this time, per sources, Rostelecom's position is questionable. They also mention that the hijack may have occurred when an internal Rostelecom traffic shaping system accidentally exposed the wrong BGP routes to the internet.

Things escalated when, reportedly, Rostelecom's upstream providers re-announced the newly declared BGP routes across the internet, massively amplifying the hijack.

Per researchers, it is very difficult to say for sure whether a BGP hijack was intentional or accidental. All that can be said is that the parties involved in this hijack make the situation suspicious.