DDoS tactics shift towards a blended approach

February 8, 2017

Cyber security company Nexusguard has released its latest threat report for the final quarter of 2016, and notes a shift towards blended DDoS attacks combining multiple vulnerabilities with the intent of overloading targeted monitoring, detection and logging systems.

Attacks rose by more than 150 percent between November and December 2016, which researchers attribute to the outbreak of the Mirai botnet source code. Financial and government institutions were the primary industry focus of hybrid attacks in Q4 2016.

Nexusguard analysts found China and the US were the predominant countries vulnerable to IoT botnets, with 116,000 and 41,200 IoT botnets recorded respectively. While hackers continue to switch tactics to try to confuse cyber security teams, 97.5 percent of DDoS attacks used NTP methods, which continued to be the most popular DDoS attack method during the second half of 2016.

"The popularity of the Mirai botnet and similar IoT vulnerabilities gave hackers ample ammo to overwhelm security and operations in Q4," says Juniman Kasman, chief technology officer of Nexusguard. "Malicious actors will continue to invent new attacks and blend them with multiple factors for maximum impact, forcing companies to rely on big data and intelligence-driven mitigation and develop strategic response teams that can quickly handle new threats."

The report also notes that the growing volume of IoT devices provides a ready pool of IP addresses for generating attacks. IoT botnets will therefore continue to be a major issue in 2017, causing more volumetric attacks at higher frequencies.