Newly identified ‘Black Storm’ attack could wreak havoc on CSP networks

Posted By



September 28, 2021

A newly identified cybersecurity threat coined “Black Storm” could potentially wreak havoc on communications service provider networks, according to new research released today by distributed denial-of-service protection company Nexusguard Inc.

In a typical DDoS amplification attack, those behind the attack rely on DNS servers or other similar open services to interrupt connectivity. Where a Black Storm attack becomes both interesting and scary: Those using the method can leverage any device connected to the internet.

According to researchers at Nexusguard, the volume from one Black Storm attack could terminate medium- to large-sized enterprises in a clean sweep and severely cripple a large-scale CSP network.

Hackers are said to be able to achieve Black Storm attacks more easily than amplification attacks and could quickly dominate the cyber world. Black Storm attacks could be manifested by hackers reflectively employing a so-called BlackNurse attack. BlackNurse attacks are a form of denial-of-service attacks based on internet control message protocol or ICMP flooding.

By generating spoofed user datagram protocol requests to devices connected to a CSP on closed UDP ports, a reflection of the ping replies return to the CSP network ping sources in BlackNurse attacks. In these circumstances, the devices respond with destination port unreachable responses. As more devices continue to respond to the spoofed internet protocol source, the volume of responses completely overwhelms the targeted CSP network and hence becomes a Black Storm Attack.

The researchers at Nexusguard are advising CSPs to perform regular vulnerability scanning, apply access control to routers and use deep learning-based detection methods. The deep learning approaches can assist CSPs in analyzing data quickly and accurately while overcoming the inefficiencies inherent in threshold or signature-based methods.

“The potential risk from impending Black Storm attacks could obliterate individual enterprises and have devastating consequences for communications service providers and completely saturate their networks,” said Juniman Kasman, chief technology officer for Nexusguard. “Networks targeted by these attacks need to apply deep learning intelligence in order to analyze traffic patterns and identify Black Storm attacks well before they can be exploited.”