Domain Name System (DNS) servers on the edu.za domain are being exploited to launch massive distributed denial of service (DDoS) attacks. Nexusguard reported that edu.za had 13,524,481 spoofed DNS requests last quarter, accounting for 9.36% of all DNS abuse. Nexusguard’s Q2 2019 Threat Report stated that DNS amplification attacks have spiked more than 1,000% compared with Q2 2018. It attributed this rise to the adoption of Domain Name System Security Extensions (DNSSEC) without proper precautions in place to mitigate DNS-amplified DDoS attacks.
Fibre Internet service provider Cool Ideas has been beleaguered by distributed denial of service (DDoS) attacks over the past few weeks. This has severely degraded performance on its network, even causing an hours-long outage.
This issue is not unique to Cool Ideas. Atomic Access also recently informed MyBroadband that it has been the target of two large-scale DDoS attacks in two months.
The second quarter of 2019 saw a major surge in DNS amplification attacks, reaching a whopping 1,000 percent spike. The report, titled “Nexusguard’s Q2 2019 Threat Report”, points out that the increasing adoption of Domain Name System Security Extensions (DNSSEC) is behind the massive surge in DNS amplification attacks. The report also highlighted how several government domains, and even Paypal.com, became victims of DNS abuse.
The report has an interesting take on DNSSEC. It notes that, "The growing adoption of DNSSEC suggests that DNS Amplification will continue to pose a significant threat to service provider and enterprise networks alike. Long overdue, the deployment of DNSSEC as the ultimate patch for fixing DNS cache poisoning is finally gaining widespread acceptance. The downside is the exceptionally long responses DNSSEC-enabled servers generate. The long DNS responses include records containing cryptographic keys and/or signatures. When a domain is upgraded to support DNSSEC, it returns traditional records as well as DNS records. As a result, the sizes of DNSSEC-enabled DNS responses significantly exceed those of traditional responses."
Nexusguard researchers credit Domain Name System Security Extensions (DNSSEC) with fueling the new wave of DNS amplification attacks. DNSSEC is designed to protect applications from using forged or manipulated DNS data. However, the extra security DNSSEC provides relies on a resource-intensive data verification process using public keys and digital signatures. While intended to be a patch for DNS poisoning, DNSSEC has had the unintended consequence of creating yet another DDoS vulnerability.
Nexusguard evaluates thousands of attacks worldwide each year and DNS amplification attacks represented more than 65% during the last quarter. Multiple US government domains and even PayPal were attacked in the last three months. The honeypot network, which is designed to bait cybercriminals into a hacking attempt, captured 144,465,553 malicious DNS queries.
Nexusguard researchers credited Domain Name System Security Extensions (DNSSEC) with fueling the new wave of DNS amplification attacks. DNSSEC accounted for more than 65% of the attacks last quarter. DNSSEC was designed to protect applications from using forged or manipulated DNS data. Its growing adoption suggests that DNS amplification risks won’t disappear for service providers or enterprise networks anytime soon, according to the Nexusguard quarterly report.
Last month, the CEO of encrypted messaging service Telegram said that a distributed denial of service (DDoS) attack on the platform was coming from devices in China. The country was revealed to be the biggest source of DDoS attacks globally in a recent report by security provider Nexusguard.
DDoS attacks “for hire” made a comeback at the beginning of the year, with booter-originated attacks rebounding to more than double their amounts in Q4 2018, according to Nexusguard’s “Q1 2019 Threat Report.” Despite the earlier FBI crackdown, DNS amplification DDoS attacks continued to be a favorite of DDoS-for-hire websites, soaring to more than 40 times their volume compared to last quarter. The resurgence of DDoS-as-a-service and the growing botnets reinforce the evolving cyber threat of DDoS attacks for enterprises and communications service providers (CSPs).
If the service provider fails to protect customers, figure out what is going on, or avoid collateral damage, then not only will customers be disappointed, but the service provider will also have to offer financial compensation for downtime as pledged in their service-level agreements (SLAs).