More than half of all attacks exploit multiple vector combinations.
Distributed denial of service (DDoS) attacks using Domain Name System (DNS) amplification increased more than 357 percent in the fourth quarter of 2017, compared to 2016, according to Nexusguard’s “Q4 2017 Threat Report.” The quarterly report, which measured thousands of attacks from around the world, attributes the skyrocketing attacks to servers enabled with Domain Name System Security Extensions (DNSSEC), which pose a significant new risk if not properly configured. Although they’re intended to add integrity and security to the DNS protocol, DNSSEC-enabled servers can be deliberately targeted to reflect amplification attacks, due to the large size of the responses they generate.
Nexusguard’s quarterly DDoS reports are based on the company’s collection of real-time data regarding threats facing enterprises and service provider networks around the world. The company gathers data from botnet scanning, honeypots, internet service providers (ISPs) and traffic moving between attackers and their targets to help companies identify vulnerabilities and stay informed about global attack trends. Although the overall number of DDoS attacks fell 12 percent compared to the same period last year, a new class of powerful botnets may appear from wider DNSSEC adoption. Nexusguard warns teams to evaluate the DNSSEC response and security flaw to strengthen systems against future attacks.
“Enterprises have worked hard to patch against snooping, hijacking and other DNS abuses; however, improperly configured DNSSEC-enabled nameservers may be a new plague for unprepared teams,” said Juniman Kasman, chief technology officer for Nexusguard. “Admins and IT teams need to check security for the entire network, as well as correctly configure DNSSEC on the domain to properly harden servers against these new attacks.”
Hackers also continue to favor multi-vector attacks, blending combinations of Network Time Protocol (NTP), User Datagram Protocol (UDP), DNS and other popular attack vectors in more than half of all botnets over the past year, according to Nexusguard’s “2017 DDoS Attack Landscape” infographic. China and the U.S. continued to reign as the top two sources of DDoS attacks in Q4, contributing 21.8 percent and 14.3 percent of the botnets, respectively. South Korea climbed to third place, contributing nearly six percent of the global attacks, up from sixth place last quarter.
Read the full "Q4 2017 Threat Report" for more details.