DNS amplification attacks have grown by over 4,000 percent over the last year according to Nexusguard’s latest threat report.
DNSSEC (Domain Name System Security Extensions) remains the main source of growth in DNS amplification attacks in the quarter, but Nexusguard analysts have also detected a sharp and concerning rise in TCP SYN Flood attacks.
Cyberattackers have long favored DDoS attacks that amplify damage beyond the resources required to launch them, but suitable reflectors or amplifiers are not as widely available for DNS amplification. Any server with an open TCP port though is an ideal attack vector, and such reflectors are widely available and easy to access to cause SYN Flood reflection attacks.
“Our research findings revealed that even plain-vanilla network attacks could be turned into complex, stealthy attacks leveraging advanced techniques, from the bit-and-piece attacks, also known as carpet bombing, we identified last year, to the emergence of Distributed Reflective DoS (DRDoS) attacks in the third quarter,” says Juniman Kasman, chief technology officer for Nexusguard. “Telcos and enterprises must take note while these tactics don’t cause notable strain on network bandwidth, which may go undetected, but that they are powerful enough to impact their service. Advanced mitigation techniques are required to address these threats.”
The report reveals that 44 percent of Q3 attack traffic came from botnet-hijacked Windows computers and servers. The second largest source of traffic came from iOS-equipped mobile devices. The total number of attacks has mirrored patterns observed in 2019, with Q1 seeing the highest number attacks followed by numbers dropping over Q2 and Q3. While attack volume has decreased since Q2 2019, levels grew more than 85 percent compared to the same quarter last year. More than half of all global attacks originated in China, Turkey or the United States.
The full report is available from the Nexusguard site.