Despite a recent crackdown by the Federal Bureau of Investigation (FBI), there has been a more than 400% increase in the volume of attacks being launched via DDoS-for-hire sites in the last quarter. That’s according to a new report from Nexusguard, a provider of a cloud service for combatting distributed denial of service (DDoS) attacks.
The “Nexusguard Q1 2019 Threat Report” also notes that DDoS attacks smaller than 1Gbps are becoming more automated and targeted at specific organizations. For example, 17% of all the DDoS attacks launched in Brazil in the last quarter were aimed at one specific banking institution, the report finds.
Donny Chong, product director for enterprise cybersecurity at Nexusguard, said the DDoS-for-hire sites that were taken down last year are now being replaced. The number of DDoS-for-hire websites being tracked by NexusGuard has doubled year over year.
The Nexusguard report also finds this latest generation of DDoS-for-hire cybercriminals is more adept at compromising mobile computing devices to launch their attacks. Botnets employed by these sites have been able to launch attacks lasting more than 40,000 minutes at a time, or more than 27 days, the report finds. In addition to leveraging mobile computing devices, DDoS-for-hire sites are starting to leverage billions of poorly protected internet-of-things (IoT) devices, he said.
Chong noted the latest iteration of DDoS-for-hire websites appears to be trying to fly under the radar of law enforcement. Rather than launching massive attacks, cybercriminals are employing the threat of a DDoS attack to extort payments from organizations both large and small.
At a time when organizations depend heavily on websites to generate revenue, DDoS attacks can have a much bigger financial impact on organizations.
In general, DNS attacks come in a variety of forms, including:
- Domain hijacking, which results in DNS servers and domain registrar redirecting traffic away from the original servers to new destinations.
- DNS hijacking (also known as DNS redirection), which involves malware being employed to, for example, alter the TCP/IP configurations so they can point to another DNS server, which will then redirect traffic to a fake website.
- DNS flooding, which is a distributed denial-of-service (DDoS) attack that seeks to overload a DNS server to the point where it can no longer process requests.
- Distributed reflection denial-of-service (DRDoS) attacks, which spoof the source address of the DNS service and results in machines replying back and forth until the DNS server becomes flooded.
- DNS tunneling, which makes use of encoded data from other applications to compromise DNS responses and queries.
- Random subdomain attacks, which involve sending a lot of DNS queries via compromised systems against a valid and existing domain name.
While there may be no way to terminate every DDoS attack, the good news is organizations at the very least are getting more adept at mitigating them.