New DDoS attack technique puts CSPs at risk

Nexusguard found a new DDoS attack technique targeting CSPs, in which attackers used a bit-and-piece approach to inject junk into legitimate traffic and dodge detection.

A new DDoS attack technique designed to evade detection mechanisms is gaining steam.

The stealthy, sophisticated attack technique, known as bit-and-piece, is targeting communications service providers (CSPs), according to a recent report by Nexusguard, a distributed denial-of-service (DDoS) mitigation service provider.

The bit-and-piece DDoS attack, which is different from traditional volumetric attacks, capitalizes on the large attack surface of ASN-level (autonomous system number) CSPs "by spreading tiny attack traffic across hundreds of IP addresses to evade detection," Nexusguard's Q3 2018 Threat Report found.

"The general idea of the bit-and-piece attack is instead of concentrating the attack on one IP address or one destination -- in which case, it's relatively easy for the CSPs to identify such attacks and then take action -- the attackers attack a range of IP addresses, so that it basically flies under the radar and CSPs don't know which ones to take action on," said Donny Chong, product director at Nexusguard. "In fact, the attacks will saturate the CSP's resources and ultimately bring down the customers who are using this CSP as an option."

The Nexusguard report found 159 ASNs were targeted by the new DDoS attack in the third quarter of 2018, with attackers targeting networks within the same geolocation.

Attackers carried out "reconnaissance missions" to determine their target CSP's network landscape and mission-critical IP prefixes before deploying the DDoS attack technique, the report found.

The "attack traffic in the space of each IP address was small enough to bypass detection, but it was big enough to cripple the targeted site or even an entire CSP network once the traffic converged," according to the report.

The quarterly report, which looks at thousands of DDoS attacks worldwide, also found ASN-level CSPs were targeted by 65.5% of DDoS attacks in the third quarter of 2018.

"Attackers are likely targeting CSPs because they are a form of critical infrastructure," said Lawrence Orans, vice president analyst at Gartner. "A successful DDoS attack against a major CSP could be highly disruptive to businesses and consumers that traverse the CSP's network."

The evolution of DDoS attack techniques and mitigation strategies

Orans added that DDoS attack techniques have continually evolved over the last several years.

"For example, 2013 was the year of NTP [Network Time Protocol] amplification. In 2014, it was SSDP [Simple Service Discovery Protocol] attacks. And in 2016, we saw the Mirai botnet and attacks from IoT devices," Orans said. "It's not at all surprising to learn of a new attack technique in 2018."

Nexusguard attack traffic comparison

As cyberattackers become more resourceful, DDoS attacks will continue to evolve, Nexusguard's Chong reinforced. It is not something that CSPs can simply brush off, he said.

While there's nothing CSPs can do to discourage attackers, Chong said CSPs should update their defense strategy and focus on enhancing their network security posture to ensure their services are not affected.

"They have to look for ways in which they can much more effectively manage the DDoS attacks, so that their infrastructure and their customers do not suffer any damage," he said.

Normal security measures used by ASN-level CSPs cannot detect and mitigate bit-and-piece attacks before they can cause any harm, the report found. This is due to the negligible size of the "junk" that the new DDoS attack technique injects into the legitimate traffic.

Chong advised against solely relying on threshold-based DDoS attack detection and mitigation techniques, as they are not adequate for detecting attacks involving small amounts of attack traffic.
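To show why a per-destination threshold misses this traffic pattern, here is an added example that is not from the Nexusguard report or this article. It compares a per-IP check with an aggregate view over the covering prefix; the flow records, thresholds, baseline and /24 grouping are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

PER_IP_THRESHOLD_MBPS = 100.0    # assumed per-destination alert threshold
PREFIX_THRESHOLD_MBPS = 2000.0   # assumed aggregate alert threshold per prefix
BASELINE_MBPS = 5.0              # assumed normal per-destination rate
PREFIX_LEN = 24                  # assumed aggregation granularity


def build_sample_flows():
    """Constructed sample: (dst_ip, mbps) records for one interval."""
    flows = []
    # 200 hosts in one prefix: 5 Mbps normal traffic plus 20 Mbps junk each.
    for host in range(1, 201):
        flows.append((f"203.0.113.{host}", 5.0))
        flows.append((f"203.0.113.{host}", 20.0))
    # A second prefix carrying only normal traffic.
    for host in range(1, 51):
        flows.append((f"198.51.100.{host}", 5.0))
    return flows


def rate_per_ip(flows):
    totals = defaultdict(float)
    for dst, mbps in flows:
        totals[dst] += mbps
    return totals


def per_ip_alerts(flows, threshold=PER_IP_THRESHOLD_MBPS):
    """Classic threshold check: flag any single destination over the limit."""
    return sorted(ip for ip, r in rate_per_ip(flows).items() if r > threshold)


def per_prefix_alerts(flows, threshold=PREFIX_THRESHOLD_MBPS):
    """Sum traffic per prefix and count destinations above twice baseline."""
    stats = defaultdict(lambda: {"mbps": 0.0, "elevated": 0})
    for ip, rate in rate_per_ip(flows).items():
        net = ipaddress.ip_network(f"{ip}/{PREFIX_LEN}", strict=False)
        stats[str(net)]["mbps"] += rate
        stats[str(net)]["elevated"] += rate > 2 * BASELINE_MBPS
    return {n: s for n, s in stats.items() if s["mbps"] > threshold}


if __name__ == "__main__":
    sample = build_sample_flows()
    print("per-IP alerts:", per_ip_alerts(sample))
    print("per-prefix alerts:", per_prefix_alerts(sample))
```

Each destination stays at 25 Mbps, under the per-IP limit, while the prefix as a whole carries 5,000 Mbps with 200 destinations above baseline at once.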

Conventional DDoS mitigation measures like blackholing also won't work, Chong said, because blackholing will block access to a wide range of legitimate services.

Chong said that detecting attacks like bit-and-piece requires CSPs to employ more advanced detection techniques that are capable of detecting DDoS "based on signatures."
