Sunday, January 16, 2022
Home Industry Insights News Cybercrime Is on the Rise with DDoS Attacks on Vulnerable Servers

Cybercrime Is on the Rise with DDoS Attacks on Vulnerable Servers

Digital transformation has been on the rise for quite some time, hitting an all time high during the COVID-19 pandemic. Companies and businesses have been forced to adjust at a short notice, digitizing services and moving to remote work. In addition to the myriad of obstacles and challenges organizations faced during this transformation, one less-talked about issue has been cyber security – or more specifically, cybercrime.

One type of cyberattacks that has increased in particular is the distributed denial-of-service (DDoS). These attacks broke records in 2020, with most launched in a single month (929K) and most DDoS attacks in a year (10+ million), according to the NetScout Threat Intelligence Report.

DDoS work by bringing down important systems and causing as much disruption as possible, targeting various industries such as manufacturing, financial, travel, education, and others. An often used tactic is the reflection/amplification attack, a combination of the two methods. The reflection attack targets any UDP- or TCP-based service and uses it to send a request for information while imitating the target’s IP address. The server then sends a response to the target’s IP address, instead of the attacker, hereby “reflecting”. Then, “amplification” is used to overwhelm the target website, sending a large volume of small requests which trigger a large reply to each. This type of DDoS attack lets attackers generate a large amount of harmful activity and unleash it on the target. Any ordinary DNS, NTP, SNMP, SSDP, UDP/TCP-based services, when exposed, can become the frequent mediums for these attacks.

These attacks are relatively simple, uneasy to spot, and can cause a lot of damage with minimal effort.

One way to prevent reflection/amplification attacks is to block the spoofed source trigger packets. However, it is often difficult to determine which activity is legitimate and which is spoofed. When an attack is happening and service is disrupted, legitimate activity may increase attempts to receive a response, which can then mislead identification and be falsely deemed as the attack. Mitigations such as rate limiting, port blocking, and traffic signature filters, all have their benefits and drawbacks because of their impact on legitimate traffic. Threat Intelligence services are the best bet for most businesses looking to pre-emptively identify vulnerabilities and counter-act proactively.

About the author

Anna Burneika
Anna is a staff writer at CXBuzz. Her international background lends itself to 5 languages, a wide variety of interests, and a broad and bright approach to her work. Having accomplished her first degree - a BA in Communications and Political Science - at only 19 years old, she is currently pursuing her passion of Theatre with an MA in the UK.

RELATED ARTICLES

Doxim Acquires Level One

Doxim Acquires Level One

0
The Acquisition To Help Doxim Expand Its Domain Expertise Doxim, the leading customer communications management platform announced that it has acquired customer experience and communication...
New Hires in the CX Space: April 1st, 2021

New Hires in the CX Space: April 1st, 2021

0
What is happening in the customer experience world this week? At CXBuzz, we closely follow the industry, monitoring recent hires and promotions. From Credit...

Most Popular

Recent Comments