Cybersecurity
The Dark Side Of Cybersecurity: DDoS Weapons & COVID-19
The rise of low-volume DDoS attacks and weaponising of Smart and IoT-powered devices make organisations more vulnerable to malicious botnets and phishers, says Amr Alashaal, Regional Vice President – Middle East at A10 Networks.
The world has been going through significant changes: facing a global COVID-19 pandemic, researching how the SARS-CoV-2 virus works, and then delivering defense via vaccines to fight back.
Similarly, in the world of cybersecurity, we saw many changes in the first half of 2021. A10 Networks’ recent report on the H1 2021: The Global State of DDoS Weapons sheds light on potential DDoS weapons and their behaviour to ensure DDoS attacks can be mitigated regardless of the country or organization they belong to.
The report provides detailed insights into the origins of DDoS activity, how easily and quickly modern malware can hijack IoT devices and convert them into malicious botnets, and what organisations can do to protect against such activities.
As per the report, while DDoS attacks kept growing in size and frequency, attackers particularly focused on low-volume attacks that ran for longer periods of time, frequently injecting attack traffic.
These low-volume attacks helped them evade basic defensive measures, but low thresholds still had a significant impact on systems and operations. We also saw some positive changes, for example, a large-scale botnet takedown by an international operation across different continents.
Organisations began paying a lot more attention to DDoS, raising awareness around the role of malware in DDoS attacks, and providing insights into how systems and operations can be protected from attacks, large or small.
Organisations are paying more attention to infectious malware, like Mozi. In fact, some vigilante groups have even started using DDoS attacks as a defensive measure, attacking systems that exhibit scanning behavior.
A10 has seen this behavior exhibited on our own honeypots. While employing DDoS attacks against the very attackers might be considered controversial, it helps ultimately reduce DDoS attacks and the expansion of botnets.
Key Insights from the report:
- The total number of DDoS weapons has increased by approximately 2.5mn in the first half of 2021, in line with the last two reports, with a total number of approximately 15 million weapons. This number includes both reflected amplification weapons as well as botnet agents readily available for exploitation by attackers.
- SSDP (Simple Service Discovery Protocol), which can be a dangerous and potent DDoS weapon, remained at the top with over 3.2mn potential weapons exposed to the internet. The rest of the weapons remained virtually the same as before, with SNMP, Portmap, TFTP and DNS Resolvers as the top-five. It is important to note that almost all of these weapons experienced a growth in numbers with the exception of DNS Resolvers, which had a reduction of over 300,000 weapons.
- China continues to lead in hosting the highest number of potential DDoS weapons (almost 2mn), including both amplification weapons and botnet agents.
- The United States remains the second largest source of DDoS weaponry, particularly amplification weapons.
- The number of total botnet agents was almost halved, with China hosting 44 per cent of the total number of drones available worldwide.
- Mozi, one of the highly prevalent malware in the DDoS world, topped out at over 360,000 unique systems using more than 285,000 unique source IP addresses, likely due to address translation. First identified in 2019, Mozi has been evolving and increasing in size ever since. It can now persist on network devices by infiltrating the device’s file system, remaining functional even after the device has been rebooted. The Mozi botnet includes infected bots around the globe with China, India, Russia, Brazil, and Vietnam leading the list of countries and regions.
In conclusion, cybercriminals and cyberattacks have been evolving at a steady pace. With new attacks and new malware variants that come out, we see new layers of sophistication in how IoT and smart devices are weaponised. While these attacks become more prevalent, one thing is quite obvious — they don’t go unnoticed.
Now is the time to update our defensive strategies by incorporating the Zero Trust model and investing in modern, artificial intelligence/machine learning-based solutions that will not only defeat attacks in real-time, but also protect against the unknown.
-
OER Magazines2 months ago
OER, September 2024
-
Uncategorized1 month ago
Oman Oil Marketing Company partners with Ihsaan Association to support its activities
-
Commodities2 months ago
Gold Rangebound as Investors Brace for Key US Economic Data
-
OER Magazines3 weeks ago
Signature, October 24
-
Alamaliktistaad Magazines3 weeks ago
Al-iktisaad, October 24
-
Banking & Finance2 months ago
Apple Pay Officially Launched in Oman
-
Oil & Gas1 month ago
OQEP Appoints United Securities as Liquidity Provider Ahead of Landmark MSX Listing
-
Lifestyle2 months ago
Royal Opera House Muscat Welcomes First Shows of its 2024/25 Season