DDoS attackers have changed tack in the second year of the pandemic

October 18, 2021

Small-size attacks have increased by 233 per cent in 2021, according to DDoS protection specialist Nexusguard’s Threat Report FHY 2021, as cyber criminals seek to stay under the radar.

In 2021 attackers have adopted less bandwidth-intensive DDoS exploits to avoid signature-based detection – a process where the anti-malware software has a repository of the “fingerprints” of previously identified network threats. As a result, 95 per cent of DDoS attacks were smaller than 1 GBps in the first half of 2021. However small, these attacks can take whole networks and infrastructures off-line, the cybersecurity company warned.

“The high level of intricacies behind communications service provider networks causes them to generally allow all types of traffic to pass through, which leads to smaller or spoofed types of attacks to strike undetected,” said Juniman Kasman, chief technology officer of Nexusguard.

The most obvious shift, according to the report, has been a sharp increase in new types of UDP attacks at the expense of the method relying on DNS (Domain Name System) amplification to magnify the attack size against networks, which was at the top of the list last year.

UDP is a communications protocol primarily used to establish low-latency and loss-tolerating connections between applications on the internet. A UDP flood attack will exploit the steps that a server takes when it responds to a UDP packet sent to one of its ports by flooding it with a large number of small requests.

Nexusguard’s report has also raised the alarm about a particular kind of UDP attack that they label “Black Storm”, which could potentially wreak havoc on communications service provider (CSP) networks, as it can leverage any device connected to the Internet. They predict that this emerging type of UDP attack could quickly dominate the cyberworld. However, businesses stand a better chance of detecting this new strain if they adopt behavioural detection and mitigation approaches that enable them to take a wider range of factors into consideration than just anomalous thresholds or attack signatures.
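To make the contrast between a volumetric threshold and behavioural detection concrete, the following is an added example, not code from Nexusguard or its report. The traffic samples are constructed, and the 1 Gbps static alarm, the warm-up length and the deviation limit are assumptions chosen for illustration.

```python
from statistics import median

STATIC_BPS_THRESHOLD = 1_000_000_000  # assumed volumetric alarm at 1 Gbps

# Constructed per-minute UDP summaries for one destination:
# (packets per second, mean packet size in bytes, distinct source addresses)
SAMPLES = [
    (4000, 420, 310), (4200, 410, 325), (3900, 430, 300), (4100, 415, 318),
    (4050, 425, 305), (4150, 418, 322), (3950, 422, 312), (4080, 416, 308),
    (90000, 72, 9800),    # many small datagrams from many sources (~52 Mbps)
    (95000, 70, 10400),
    (4100, 419, 315),
]

def robust_z(value, history):
    """Deviation from the baseline median, in units of scaled MAD."""
    med = median(history)
    mad = median(abs(h - med) for h in history) or 1.0  # avoid divide-by-zero
    return (value - med) / (1.4826 * mad)

def static_alerts(samples):
    """Indices of intervals whose bit rate exceeds the fixed threshold."""
    return [i for i, (pps, size, _) in enumerate(samples)
            if pps * size * 8 > STATIC_BPS_THRESHOLD]

def behavioural_alerts(samples, warmup=6, z_limit=6.0):
    """Indices of intervals where at least two features leave the baseline."""
    alerts, baseline = [], []
    for i, (pps, size, srcs) in enumerate(samples):
        if len(baseline) >= warmup:
            hist_pps, hist_size, hist_srcs = zip(*baseline)
            deviations = [
                robust_z(pps, hist_pps) > z_limit,     # packet rate jumped
                robust_z(size, hist_size) < -z_limit,  # packets got smaller
                robust_z(srcs, hist_srcs) > z_limit,   # source fan-in grew
            ]
            if sum(deviations) >= 2:
                alerts.append(i)
                continue  # keep anomalous intervals out of the baseline
        baseline.append((pps, size, srcs))
    return alerts

if __name__ == "__main__":
    print("static threshold:", static_alerts(SAMPLES))
    print("behavioural:", behavioural_alerts(SAMPLES))
```

The two flood intervals carry roughly 52 Mbps each, far below the static alarm, yet packet rate, packet size and source count all move away from the destination's own baseline at once.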