News Feature | May 2, 2016

Increased Use Of Multi-Vector DDoS Attacks Targeting Companies


By Christine Kern, contributing writer


Report identifies common tactics and offers key takeaways for CIOs.

The Neustar Security Operations Center (SOC) is on the front line in the fight against DDoS attacks. With attack vectors ranging from Chargen to UDP, the SOC has seen and defended countless assaults, noting attacker trends and techniques along the way. Recently, the SOC released its first report, sharing technical insights gained from the distributed denial of service (DDoS) attacks mitigated by the company in 2015.

“In recent years, DDoS attacks have evolved from a small nuisance to a stealth weapon capable of crippling digital infrastructures,” said Brian Foster, Senior Vice President of Information Services for Neustar. “The DDoS attacks of 2015 were persistent, with 32 percent of attacks occurring in Q4 and in time for Cyber Monday. Already in 2016, we are seeing an expansion of the use of DDoS attacks, whether for solo attacks or in conjunction with other sinister activity, including extortion and intrusion.”

In 2015, Neustar found, “DDoS attack vectors ranged from using Domain Name Service (DNS) as a reflection source, one of the oldest types of UDP (User Datagram Protocol) amplification attacks, to targeted strikes using DNSSEC (Domain Name System Security Extensions) signed zones. The company also saw an uptick in attacks using multiple vectors that probed defenses and persisted until they succeeded. For companies that are not prepared, the impact of a DDoS attack can cost a company up to US$1 million per hour that the website is down.”

The rise of the multi-vector attack is particularly troubling, and Neustar found 47 percent of all multi-vector attacks happened during the fourth quarter; 17 percent of all attacks involved multiple vectors; and 57 percent of all multi-vector attacks involved reflection attacks.

“Rather than just hit with a massive DDoS strike, multi-vector attacks are more alarming because they require dexterity, familiarity with attack methods, and they can also be used as a smokescreen to insert malware and sneak out sensitive company information,” Foster added.

The SOC also observed persistent use of multi-vector attacks to probe defenses for vulnerabilities; that 32 percent of attacks occurred in Q4, just in time for Cyber Monday and the holiday shopping season; and the use of DNSSEC as an attack amplifier. The report also provides five key takeaways for CIOs:

  • Sometimes a single vector attack just will not do. Attackers are persistent, and will try different attack methods to ensure ultimate success.
  • Death by a thousand cuts. Attackers can use smaller, pointed assaults to “fly under the radar and avoid network-level DDoS detection,” thus disrupting the network and setting up exfiltration opportunities.
  • They are the most dangerous times of the year. Attackers purposefully target high-volume transaction periods to strike.
  • Defend your DNS. Quarter four saw skyrocketing DNS attacks, so protecting the DNS can help prevent infiltration.
  • The combat continues: DDoS attacks are inevitable, but not insurmountable. The best defense remains an active, vigilant defense.