Saturday, June 22, 2024
HomeIndustry Insights NewsCybercrime Is on the Rise with DDoS Attacks on Vulnerable Servers

Cybercrime Is on the Rise with DDoS Attacks on Vulnerable Servers

Digital transformation has been on the rise for quite some time, hitting an all time high during the COVID-19 pandemic. Companies and businesses have been forced to adjust at a short notice, digitizing services and moving to remote work. In addition to the myriad of obstacles and challenges organizations faced during this transformation, one less-talked about issue has been cyber security – or more specifically, cybercrime.

One type of cyberattacks that has increased in particular is the distributed denial-of-service (DDoS). These attacks broke records in 2020, with most launched in a single month (929K) and most DDoS attacks in a year (10+ million), according to the NetScout Threat Intelligence Report.

DDoS work by bringing down important systems and causing as much disruption as possible, targeting various industries such as manufacturing, financial, travel, education, and others. An often used tactic is the reflection/amplification attack, a combination of the two methods. The reflection attack targets any UDP- or TCP-based service and uses it to send a request for information while imitating the target’s IP address. The server then sends a response to the target’s IP address, instead of the attacker, hereby “reflecting”. Then, “amplification” is used to overwhelm the target website, sending a large volume of small requests which trigger a large reply to each. This type of DDoS attack lets attackers generate a large amount of harmful activity and unleash it on the target. Any ordinary DNS, NTP, SNMP, SSDP, UDP/TCP-based services, when exposed, can become the frequent mediums for these attacks.

These attacks are relatively simple, uneasy to spot, and can cause a lot of damage with minimal effort.

One way to prevent reflection/amplification attacks is to block the spoofed source trigger packets. However, it is often difficult to determine which activity is legitimate and which is spoofed. When an attack is happening and service is disrupted, legitimate activity may increase attempts to receive a response, which can then mislead identification and be falsely deemed as the attack. Mitigations such as rate limiting, port blocking, and traffic signature filters, all have their benefits and drawbacks because of their impact on legitimate traffic. Threat Intelligence services are the best bet for most businesses looking to pre-emptively identify vulnerabilities and counter-act proactively.

About the author

Anna Burneika
Anna Burneika
Anna is a staff writer at CXBuzz. Her international background lends itself to 5 languages, a wide variety of interests, and a broad and bright approach to her work. Having accomplished her first degree - a BA in Communications and Political Science - at only 19 years old, she is currently pursuing her passion of Theatre with an MA in the UK.


Khoros To Provide Connected Digital Customer Experiences

Khoros To Provide Connected Digital Customer Experiences

Joins Adobe Exchange Partner Program Khoros, the leading digital-first customer engagement software, and service provider have joined Adobe Exchange Partner Program in the premier category...
Code Risk Platform Apiiro Hires John Leon as VP of Business Development

Code Risk Platform Apiiro Hires John Leon as VP of Business...

As a pioneering start-up in the field of code security and risk management. Apiiro is now dealing with soaring demand by hiring John Leon...

Most Popular