Nexusguard DDoS research shows hackers used blended cyberattacks on financial, government sectors

Cybersecurity analysts advise businesses take action to avoid overloading systems.

Distributed denial of service (DDoS) attacks increasingly formed blended attacks of four or more vulnerabilities over the course of the fourth quarter of 2016, with an intent to overload targeted monitoring, detection and logging systems, according to Nexusguard’s “Q4 2016 Threat Report.” The hybrid attacks were a common attack pattern against financial and government institutions. Nexusguard, the worldwide leader in DDoS security solutions, analyzes a network of vulnerable devices for new cyberthreats across national and organizational boundaries. The company scans attack data for trends in vectors, duration, sources and other characteristics to inform organizations across industries of the latest methods. Nexusguard’s quarterly reports arm security professionals with the latest internet security information to help them anticipate threats to their networks.  

The supersized Mirai attack from Q3 set the stage for Q4 challenges, resulting in a ripple of botnets from connected devices and the Internet of Things (IoT). At the close of 2016, Nexusguard researchers observed more than 426,700 bots executed since IoT botnet monitoring began in October. Attacks skyrocketed 150 percent between November and December, which researchers also attributed to the outbreak of the Mirai botnet source code. The growth of sophisticated DDoS attacks quickly overloaded systems and impeded the identification of hacking activities in Q4. Nexusguard recommends organizations evaluate in-house capabilities alongside outsourced bandwidth to ensure support teams can analyze incidents and recommend solutions in a timely fashion.

“The popularity of the Mirai botnet and similar IoT vulnerabilities gave hackers ample ammo to overwhelm security and operations in Q4,” said Juniman Kasman, Chief Technology Office for Nexusguard. “Malicious actors will continue to invent new attacks and blend them with multiple factors for maximum effect, causing companies to develop strategic response teams that can quickly handle new threats.”

Nexusguard analysts found China and the U.S. were the predominant countries vulnerable to IoT botnets, with 116,000 and 41,200 IoT botnets recorded respectively. While hackers continue to switch tactics to confuse cybersecurity teams, 97.5 percent of DDoS attacks used NTP methods, which continued to be the most popular DDoS attack method during the second half of 2016. Researchers predict IoT botnets will continue to pose major cybersecurity challenges in 2017, causing more volumetric attacks at higher frequencies.

Read the full "Q4 2016 Threat Report " for more details.