DNS amplification attacks have grown 4,788 per cent in the third quarter of 2018, a new Nexusguard Threat Report says. The report claims that Domain Name System Security Extensions (DNSSEC) are still the main growth drivers for the attacks, but adds that there has been a “sharp rise” in TCP SYN Flood attacks. Although not exactly a novelty, these attacks have risen in popularity as hackers learned how to make them more sophisticated and harder to tackle.
DNS amplification attacks continue to dominate distributed denial-of-service (DDoS) attacks, while mobile devices make up a larger share of traffic, with 41% of attacks coming from mobile gateways and three-quarters of that traffic coming from Apple iOS devices.
DNS amplification attacks have grown by over 4,000 percent over the last year according to Nexusguard's latest threat report.
The chairman of 21st Century Technologies, Wale Ajisebutu, said at the unveiling of the solution to banks and enterprises in Lagos: “We opted to partner with Nexusguard because of their global reach and robustness of their platform. They have helped many companies and governments globally defend against cyberattacks.”
Nigeria is known to be leading in terms of online fraud in Africa, with about $500 billion, which is expected to hit $2 trillion by the year 2020. They added that with better configuration, services upscale in the value chain and data domiciliation, cyber attacks would be mitigated.
Domain Name System (DNS) servers on the edu.za domain are being exploited to launch massive distributed denial of service (DDoS) attacks. Nexusguard reported that edu.za had 13,524,481 spoofed DNS requests last quarter, accounting for 9.36% of all DNS abuse. Nexusguard’s Q2 2019 Threat Report stated that DNS amplification attacks have spiked more than 1,000% compared with Q2 2018. It attributed this rise to the adoption of Domain Name System Security Extensions (DNSSEC) without proper precautions in place to mitigate DNS-amplified DDoS attacks.
Fibre Internet service provider Cool Ideas has been beleaguered by distributed denial of service (DDoS) attacks over the past few weeks. This has severely degraded performance on its network, even causing an hours-long outage.
This issue is not unique to Cool Ideas. Atomic Access also recently informed MyBroadband that it has been the target of two large-scale DDoS attacks in two months.
The second quarter of 2019 saw a major swelling of DNS amplification attacks, reaching a whopping 1,000 percent spike. The report, titled “Nexusguard’s Q2 2019 Threat Report”, points to the increasing adoption of Domain Name System Security Extensions (DNSSEC) as the factor behind the massive surge in DNS amplification attacks. The report also highlighted how several government domains, and even Paypal.com, became victims of DNS abuses.
The report has an interesting take on DNSSEC. It notes that, "The growing adoption of DNSSEC suggests that DNS Amplification will continue to pose a significant threat to service provider and enterprise networks alike. Long overdue, the deployment of DNSSEC as the ultimate patch for fixing DNS cache poisoning is finally gaining widespread acceptance. The downside is the exceptionally long responses DNSSEC-enabled servers generate. The long DNS responses include records containing cryptographic keys and/or signatures. When a domain is upgraded to support DNSSEC, it returns traditional records as well as DNS records. As a result, the sizes of DNSSEC-enabled DNS responses significantly exceed those of traditional responses."
Nexusguard researchers credit Domain Name System Security Extensions (DNSSEC) with fueling the new wave of DNS amplification attacks. DNSSEC is designed to protect applications from using forged or manipulated DNS data; however, the extra security DNSSEC provides relies on a resource-intensive data verification process using public keys and digital signatures. While intended to be a patch to DNS poisoning, DNSSEC has had the unintended consequence of creating yet another DDoS vulnerability.