Nexusguard research highlights multi-vector attacks, Android botnets as major Q3 cybersecurity issue

Cybersecurity report findings reveal 55 percent of attacks use multiple vectors for maximum complexity.

Multi-vector attacks dominated distributed denial of service (DDoS) in the third quarter of 2017, reaching nearly 55 percent of attack types and typically blending UDP-flood, NTP amplification and other popular vectors, according to Nexusguard’s “Q3 2017 Threat Report.” The quarterly report, which measured more than 9,600 attacks, shows hackers are increasingly blending multiple attack vectors, including hijacking zombie phones for Android botnets. Cybersecurity experts also found a significant rise in network time protocol (NTP) amplification attacks – 10 times more than the same period in 2016. Meanwhile, universal datagram protocol (UDP) attacks targeting DNS servers and amplifying volume through IP-connected devices continued to be a pop, with a 68 percent increase in activity since the previous quarter.

Nexusguard’s quarterly distributed denial of service (DDoS) reports are based on the company’s collection of real-time data regarding threats facing enterprises and service provider networks around the world. The company gathers data from botnet scanning, Honeypots, internet service providers (ISPs) and traffic moving between attackers and their targets to help companies identify vulnerabilities and stay informed about global attack trends. With the overall number of attacks rising more than 15 percent over Q2, Nexusguard recommends companies evaluate the responsiveness and scalability of their mitigation approaches to handle the continued growth.

“Our Q1 predictions that UDP-based attacks originating from NTP vulnerabilities would increase came true, as we observed NTP amplification reach a new high with a 425 percent jump compared to Q2,” said Juniman Kasman, chief technology officer for Nexusguard. “Additionally, multi-vector attacks created higher levels of difficulty in differentiating attack traffic from normal traffic, overwhelming traditional mitigation methods. To protect against these types of attacks, organizations need to develop coordinated efforts to uncover new threats, remedy affected apps and ensure mitigation methods can flex and suppress growing attacks.”

“The popularity of the Mirai botnet and similar IoT vulnerabilities gave hackers ample ammo to overwhelm security and operations in Q4,” said Juniman Kasman, Chief Technology Office for Nexusguard. “Malicious actors will continue to invent new attacks and blend them with multiple factors for maximum effect, causing companies to develop strategic response teams that can quickly handle new threats.”

As hackers expand their repertoires beyond connected IoT botnets, they hijack other zombie devices to create Android botnets and other new threats, such as the WireX botnet infecting 100 countries and 120,000 Android devices. China retained its top spot in the distribution of global attack sources, responsible for nearly 21 percent of worldwide attacks. The U.S. remained in second place, as the source of just more than 15 percent of all attacks, and France climbed from eighth place in Q2 to third place in Q3, more than tripling its slice of the attack source pie.

Read the full "Q3 2017 Threat Report" for more details.