Thursday, March 28, 2024
HomeIndustry Insights NewsCybercrime Is on the Rise with DDoS Attacks on Vulnerable Servers

Cybercrime Is on the Rise with DDoS Attacks on Vulnerable Servers

Digital transformation has been on the rise for quite some time, hitting an all time high during the COVID-19 pandemic. Companies and businesses have been forced to adjust at a short notice, digitizing services and moving to remote work. In addition to the myriad of obstacles and challenges organizations faced during this transformation, one less-talked about issue has been cyber security – or more specifically, cybercrime.

One type of cyberattacks that has increased in particular is the distributed denial-of-service (DDoS). These attacks broke records in 2020, with most launched in a single month (929K) and most DDoS attacks in a year (10+ million), according to the NetScout Threat Intelligence Report.

DDoS work by bringing down important systems and causing as much disruption as possible, targeting various industries such as manufacturing, financial, travel, education, and others. An often used tactic is the reflection/amplification attack, a combination of the two methods. The reflection attack targets any UDP- or TCP-based service and uses it to send a request for information while imitating the target’s IP address. The server then sends a response to the target’s IP address, instead of the attacker, hereby “reflecting”. Then, “amplification” is used to overwhelm the target website, sending a large volume of small requests which trigger a large reply to each. This type of DDoS attack lets attackers generate a large amount of harmful activity and unleash it on the target. Any ordinary DNS, NTP, SNMP, SSDP, UDP/TCP-based services, when exposed, can become the frequent mediums for these attacks.

These attacks are relatively simple, uneasy to spot, and can cause a lot of damage with minimal effort.

One way to prevent reflection/amplification attacks is to block the spoofed source trigger packets. However, it is often difficult to determine which activity is legitimate and which is spoofed. When an attack is happening and service is disrupted, legitimate activity may increase attempts to receive a response, which can then mislead identification and be falsely deemed as the attack. Mitigations such as rate limiting, port blocking, and traffic signature filters, all have their benefits and drawbacks because of their impact on legitimate traffic. Threat Intelligence services are the best bet for most businesses looking to pre-emptively identify vulnerabilities and counter-act proactively.

About the author

Anna Burneika
Anna Burneika
Anna is a staff writer at CXBuzz. Her international background lends itself to 5 languages, a wide variety of interests, and a broad and bright approach to her work. Having accomplished her first degree - a BA in Communications and Political Science - at only 19 years old, she is currently pursuing her passion of Theatre with an MA in the UK.

RELATED ARTICLES

CX Automation Platform Yellow.ai Raises $78.15M in Series C Funding

10
The conversational AI and customer experience (CX) automation platform yello.ai announced Wednesday that it has raised $78.15 million in a Series C funding, bringing...
Servco Increases Customer-Centricity with Ameprity's CDP

Servco Increases Customer-Centricity with Ameprity’s CDP

9
Integrates Data To Boost Marketing Solutions and Gain Customer-Insights  Servco Pacific Inc. has selected Amperity, the leading enterprise customer data platform for consumer brands to...

Most Popular