As bad actors seek ever-more lucrative ways to enhance their Distributed Denial of Service (DDoS) attacks, analysts are noticing a sustained effort from the black hat community to amplify their firepower.
Nexusguard has released new data revealing that DNS amplification attacks worldwide have increased 700% since 2016. In the first quarter of 2018, 55 DNS amplification attacks relied on vulnerable Memcached servers to amplify their DDoS efficiency by a factor of 51,000.
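A DNS amplification attack is a sophisticated DDoS attack that takes advantage of DNS servers’ behavior to amplify the effect: the attacker sends small queries with the victim’s address forged as the source, and the servers send their much larger responses to the victim. The victim receives an enormous amount of unsolicited traffic, resulting in denial of service.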
Researchers found that DNS amplification (4,791 attacks), UDP (1,806) and ICMP (1,608) were the first, second and third most common attack vectors. DNS amplification attacks accounted for 33.23% of attack vectors.
“Taking into consideration the full range of Amplifications (DNS, NTP, SSDP, CLDAP, CHARGEN, SNMP, and Memcached) brings us to 36.67% of the total attacks in the quarter. Clearly, attackers strongly prefer amplification attacks,” according to Nexusguard.
“Cyberattackers continue to seek new vulnerabilities to pursue more firepower, launching more amplification attacks through unguarded Memcached servers and poorly configured DNSSEC-enabled DNS servers the past two quarters, and we expect this trend to continue,” according to Juniman Kasman, CTO of Nexusguard.
Many organizations continue to leave their Memcached servers connected to the internet — a huge no-no in the IT industry. While the number of unguarded Memcached servers is dropping, many remain vulnerable to attacks.
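One way to check whether a Memcached instance is configured in the exposed way described above, as an added example that is not from Nexusguard or the original article. It assumes a one-option-per-line configuration file using memcached's short options `-U` (UDP port) and `-l` (listen address); the sample configurations and the finding names are constructed for illustration.

```python
import ipaddress

# Constructed samples in the one-option-per-line style of a memcached.conf file.
SAMPLE_EXPOSED = "# constructed sample\n-m 64\n-p 11211\n-U 11211\n-l 0.0.0.0\n"
SAMPLE_HARDENED = "# constructed sample\n-m 64\n-p 11211\n-U 0\n-l 127.0.0.1\n"


def parse_options(conf_text):
    """Map each short option (e.g. '-l') to its value, ignoring comments."""
    opts = {}
    for raw in conf_text.splitlines():
        tokens = raw.split("#", 1)[0].split()
        if tokens:
            opts[tokens[0]] = tokens[1] if len(tokens) > 1 else ""
    return opts


def audit(conf_text):
    """Return a list of exposure findings; an empty list means none were found."""
    opts = parse_options(conf_text)
    findings = []

    # UDP is the transport abused for reflection; -U 0 turns the listener off.
    udp_port = opts.get("-U")
    if udp_port is None:
        findings.append("udp-not-explicitly-disabled")
    elif udp_port != "0":
        findings.append("udp-listener-enabled")

    # Without -l, memcached binds every interface.
    listen = opts.get("-l")
    if listen is None:
        findings.append("no-listen-address-set")
        return findings
    for host in (h.strip() for h in listen.split(",")):
        if host == "localhost":
            continue
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            findings.append(f"review-listen-host:{host}")
            continue
        if ip.is_unspecified:
            findings.append("listens-on-all-interfaces")
        elif not (ip.is_loopback or ip.is_private):
            findings.append(f"listens-on-public-address:{host}")
    return findings


if __name__ == "__main__":
    for name, text in (("exposed", SAMPLE_EXPOSED), ("hardened", SAMPLE_HARDENED)):
        print(name, audit(text) or "no findings")
```

A clean result only covers the configuration file; a firewall rule blocking the Memcached port from the internet is still the control that matters if the service must listen on a non-loopback address.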