Mitigation of multi-vector distributed denial-of-service (DDoS) attacks increased 322 percent in 2016, but Internet-of-things (IoT) botnets, DNS-based attacks and conventional DDoS attacks present ongoing risk, according to the new report, DDoS & Cyber Security Insights, an in-depth research report that provides statistical analysis of the DDoS attack and mitigation data collected through Neustar SiteProtect.
The report by Neustar, a trusted, neutral provider of real-time information services, examines the growth of DDoS attacks during 2016, providing specific insight into multiple attack vectors, such as DNSSEC amplification and IoT botnets.
“The DDoS attack landscape has become increasingly complex in 2016 because there is no singular goal behind these attacks; some seek to disrupt services, while others serve as smokescreens to breach data,” said Neustar Senior Vice President and Fellow Rodney Joffe. “Organizations must remain vigilant against conventional attacks, even as new threats are realized today and in 2017.”
In its “2017 Predictive Insights,” the Neustar report said, “There will be many catalysts in 2017 to inspire attackers and many manufactured excuses to act. Cyber attackers saw serious returns in 2016, and there is no reason to expect them to change from performing in the interests of their own agendas. The foreseeable road ahead, with a toxic combination of events and technologies to exploit, with money to be made and stolen, and with reputations to be built in the hacking community, will compel organizations to take more decisive action.”
Neustar noted, “new threats will be realized in 2017. The advent of IoT technology ubiquity and its exploitation is just one area in which attackers became more emboldened in 2016 as their actions resulted in highly publicized outages. The effectiveness of ransomware, phishing and malware all reveal many inroads to create lucrative chaos in organizations. Next year will produce unlimited opportunity and potential for bad actors to achieve objectives that include theft, disruption, extortion and impact.”
The DDoS & Cyber Security Insights study analyzed attacks and mitigation data collected through Neustar SiteProtect, a global DDoS mitigation network, from January 1, 2016 through November 30, 2016. Key findings include:
- Increasing Frequency of DDoS Attacks – The frequency of DDoS attack mitigations by Neustar has increased 40 percent compared to the same period of time in 2015.
- Eruption of Multi-vector Attacks – Multi-vector attacks, which combine attack vectors to confuse defenders and supplement attack volume, increased 322 percent and accounted for 52 percent of the attacks mitigated by Neustar. UDP, TCP and ICMP comprise the three most popular attack vectors, which were leveraged in more than 50 percent of attacks.
- Vulnerability of DNS and DNSSEC – DNS-based attacks increased 648 percent with many attackers leveraging DNSSEC amplification to generate massive volumetric pressure. Previous Neustar research, DNSSEC: How Savvy DDoS Attackers Are Using Our Defenses Against Us, determined that the average DNSSEC amplification factor for a DNSSEC signed zone was nearly 29 times greater than the initial query.
- IoT Botnets Emerge as DDoS Attack Tools – The threat of IoT botnets, popularized by Mirai, was realized in 2016. Mirai and similar types of malware compromise IoT device credentials to enroll them into botnets, which are activated by command and control servers. As these code assemblies are published, new developments continue to emerge, such as persistent device enrollment, which enables botnet operators to maintain control of a device even after it is rebooted.
“Mirai signals a watershed moment for DDoS attacks, where the bad guys finally turned the Internet back on its users,” Joffe noted, emphasizing, “It is imperative to invest in effective DDoS protection now because the threat landscape has fundamentally changed.”
But “Mirai was just the beginning,” the Neustar report warned. “As now-published code that has morphed already from its initial incarnation, new strains and code variants will only increase attack size, complexity and ferocity in 2017. Mirai type of attacks, those that reconnoiter and test credentials as part of an effort to compromise and enroll devices in botnet arsenals, will significantly shape DDoS attack strategies and experiences. As defenses continue to adapt and mitigate Mirai-based attacks, there will be a substantial ebb and flow in online combat as attackers and defenders work to one-up each other.”
Conventional DDoS attacks will also continue to “pose a significant threat,” the report added. “Multi-vector attacks are more prevalent as attackers demonstrate a trend of using botnets and techniques to better test and exercise their arsenals. From January 1 through November of 2016, 48 percent of the identified attacks that Neustar mitigated used multiple vectors. As the world focuses on Mirai, the quiet, targeted attacks will remain constant, steady and dangerous.”
Neustar said, “Every day, the world generates roughly 2.5 quadrillion bits of data. Neustar isolates certain elements and analyzes, simplifies and edits them to make precise and valuable decisions that drive results. As one of the few companies capable of knowing with certainty who is on the other end of every interaction, we’re trusted by the world’s great brands to make critical decisions some 20 billion times a day. We help marketers send timely and relevant messages to the right people. Because we can authoritatively tell a client exactly who is calling or connecting with them, we make critical real-time responses possible. And the same comprehensive information that enables our clients to direct and manage orders also stops attackers. We know when someone isn’t who they claim to be, which helps stop fraud and denial of service before they’re a problem. Because we’re also an experienced manager of some of the world’s most complex databases, we help clients control their online identity, registering and protecting their domain name, and routing traffic to the correct network address. By linking the most essential information with the people who depend on it, we provide more than 12,000 clients worldwide with decisions—not just data.”