With over 23,000 recorded attacks per day, customer-facing enterprise services are bearing the brunt of attacks.
Two-thirds of customer-facing enterprise systems are bearing the majority of Distributed Denial-of-Service (DDoS) attacks, of which 8.4 million were recorded in 2019 alone.
DDoS attacks are aimed at disrupting online services. A flood of illegitimate traffic is generated by PCs, Internet of Things (IoT), and other devices which send request after request, and these queries eventually overwhelm a service. Genuine users are then unable to get through. There are different forms of DDoS that target particular aspects of a service, but resource exhaustion and HTTP floods tend to be common.
Slave systems, including devices infected with botnet-based malware, are used to launch DDoS attacks, and threat actors are known to offer DDoS-for-hire services in the web’s underground for a pittance.
DDoS attacks continue to be a thorn in the side of enterprise companies, and according to Netscout’s latest report on the topic, attack frequency is on the rise.
Netscout’s research, made public on Tuesday, says that there has been an increase of 87% in exploit attempts between the second half of 2018 and 2019. In addition, DDoS attack frequency worldwide has increased by 16%, with 16 DDoS attempts taking place every minute.
Wired and mobile telecommunications, data processing, and hosting providers are the most common targets. However, there has also been an uptick in DDoS campaigns against satellite communications, chemical manufacturing, and trades including computer equipment sellers and vehicle vendors.
When it comes to strength, the most powerful DDoS attack recorded by the company during H2 2019 was 622 Gbps. However, as noted by Netscout, such attacks can generally be considered “overkill” and will draw the attention of law enforcement; as such, attacks are now generally within the 100 to 200 Gbps range. The number of DDoS campaigns beyond the 300 Gbps mark has dropped over the past year.
This year, it is forecast that up to 20.4 billion IoT devices will be connected to the Internet. While these devices — including mobile gadgets, intelligent home appliances, and smart speakers — are convenient, security is not always at the forefront of development lifecycles and there are still many cases when default, hardcoded credentials and vulnerabilities are exploited to add them to botnets.
Mirai, and variants thereof, is a well-known botnet used to enslave IoT devices. According to the researchers, Mirai continued to dominate over H2 2019 and close to 103,000 unique samples of Mirai-based malware were detected over this time period. In total, there has been a 57% increase in Mirai variants.
Many of these samples used brute-force attacks in exploit attempts. Honeypots set up by Netscout recorded common credential combinations including “guest/12345,” “root/xc3511,” “admin/admin,” and “root/admin.”
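The credential pairs listed above can serve as a detection watchlist. The following is an added example, not from the article or from Netscout: it scans honeypot-style login records for those pairs and groups the attempts by source address. The log format, the sample lines, the `summarize` function and its `sweep_threshold` parameter are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Credential pairs the article says Netscout's honeypots recorded.
KNOWN_DEFAULTS = {("guest", "12345"), ("root", "xc3511"),
                  ("admin", "admin"), ("root", "admin")}

# Constructed log format for this example (an assumption, not a real product's).
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<svc>telnet|ssh) login src=(?P<src>\S+) "
    r"user=(?P<user>\S*) pass=(?P<pw>\S*) result=(?P<result>ok|fail)$")

# Constructed sample data; addresses are from documentation ranges.
SAMPLE_LOG = """\
2019-11-02T10:15:01Z telnet login src=192.0.2.10 user=root pass=xc3511 result=fail
2019-11-02T10:15:02Z telnet login src=192.0.2.10 user=admin pass=admin result=fail
2019-11-02T10:15:03Z telnet login src=192.0.2.10 user=guest pass=12345 result=ok
2019-11-02T10:20:40Z ssh login src=198.51.100.7 user=alice pass=Tr0ub4dor result=fail
2019-11-02T10:21:05Z ssh login src=203.0.113.99 user=root pass=admin result=fail
this line is malformed and must be skipped
"""


def summarize(log_text, sweep_threshold=2):
    """Group known-default login attempts by source address.
    A source is marked "sweep" once it has tried at least sweep_threshold
    distinct default pairs, the pattern of a bot walking a credential list.
    """
    hits = defaultdict(lambda: {"pairs": set(), "attempts": 0, "succeeded": False})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the format
        pair = (m["user"], m["pw"])
        if pair not in KNOWN_DEFAULTS:
            continue
        entry = hits[m["src"]]
        entry["pairs"].add(pair)
        entry["attempts"] += 1
        # A successful default login means the device still accepts the default.
        entry["succeeded"] |= m["result"] == "ok"
    for entry in hits.values():
        entry["sweep"] = len(entry["pairs"]) >= sweep_threshold
    return dict(hits)


if __name__ == "__main__":
    for src, info in sorted(summarize(SAMPLE_LOG).items()):
        print(src, info)
```

A source flagged with both `sweep` and `succeeded` is the case to act on first, since it shows a device on the network still accepting one of the listed defaults.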
“As we move into 2020, IoT malware numbers will continue to rise and their capabilities to expand,” the researchers note. “Organizations and countries are beginning to fight back with standards such as OWASP Internet of Things Project and European Telecommunications Standards Institute specification TSS 103 645, as well as laws such as California’s Senate Bill 327, which bans the use of default passwords in consumer IoT devices beginning in 2020.”
In the meantime, legacy IoT devices will continue to contribute to the issue of DDoS attacks globally, as they will not necessarily be the beneficiaries of improving security standards.