Spreading tiny parts of junk traffic across a wide range of IP addresses can wreak havoc, while avoiding detection.
A new type of DDoS attack has emerged, and it targets communications service providers (CSPs). According to security firm Nexusguard, cybercriminals exploit the large attack surface of ASN-level (autonomous system number) CSPs by spreading ‘tiny attack traffic’ across hundreds of IP addresses.
This allows them to avoid being detected.
Roughly two thirds (65.5 per cent) of DDoS attacks in the third quarter of last year targeted CSPs. Hundreds of IP prefixes were used, which means hackers had access to a ‘diverse pool’ of IP addresses.
“As a result, the year-over-year average attack size in the quarter fell measurably – 82 per cent,” the report states.
The activity usually goes like this: first, cybercriminals map out the network landscape of their target and try to identify key IP ranges. Then they inject tiny pieces of junk traffic to mix with the legitimate traffic. Because each piece is so small, it bypasses detection.
“Perpetrators are using smaller, bit-and-piece methods to inject junk into legitimate traffic, causing attacks to bypass detection rather than sounding alarms with large, obvious attack spikes,” said Juniman Kasman, chief technology officer for Nexusguard. “Diffused traffic can cause communications service providers to easily miss large-scale DDoS attacks in the making, which is why these organizations will need to share the load with the cloud at the network edge to minimize attack impact.”
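The diffusion pattern described above stays under any alarm that watches one destination at a time, so a defender has to sum traffic per prefix and compare it with that prefix's normal level. The sketch below is an added example, not code from Nexusguard or its report; the thresholds, the /24 grouping, the baselines and the flow records are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumed values for illustration; real thresholds come from your own baselining.
PER_IP_ALERT_BPS = 50_000_000   # classic per-destination alarm threshold
PREFIX_FACTOR = 3.0             # alert when a prefix exceeds 3x its baseline

def per_ip_alerts(flows, threshold=PER_IP_ALERT_BPS):
    """Destinations whose own traffic crosses the per-IP threshold."""
    totals = defaultdict(int)
    for dst, bps in flows:
        totals[dst] += bps
    return sorted(ip for ip, bps in totals.items() if bps >= threshold)

def prefix_alerts(flows, baseline_bps, prefix_len=24, factor=PREFIX_FACTOR):
    """Prefixes whose summed traffic exceeds factor x baseline.

    Returns (prefix, total_bps, distinct_destinations) tuples.
    """
    totals, hosts = defaultdict(int), defaultdict(set)
    for dst, bps in flows:
        net = str(ipaddress.ip_network(f"{dst}/{prefix_len}", strict=False))
        totals[net] += bps
        hosts[net].add(dst)
    alerts = []
    for net, bps in totals.items():
        base = baseline_bps.get(net)
        if base is not None and bps > factor * base:
            alerts.append((net, bps, len(hosts[net])))
    return sorted(alerts)

def sample_flows():
    """Constructed (dst_ip, bits_per_second) records using documentation ranges."""
    flows = []
    for host in range(1, 201):                # 200 addresses in one /24
        ip = f"198.51.100.{host}"
        flows.append((ip, 1_000_000))         # legitimate traffic
        flows.append((ip, 5_000_000))         # small junk share per address
    for host in range(1, 11):                 # quiet prefix, no junk
        flows.append((f"203.0.113.{host}", 10_000_000))
    return flows

# Constructed baselines: normal aggregate bits per second for each prefix.
BASELINE = {"198.51.100.0/24": 200_000_000, "203.0.113.0/24": 100_000_000}

if __name__ == "__main__":
    flows = sample_flows()
    print("per-IP alerts:", per_ip_alerts(flows))
    print("prefix alerts:", prefix_alerts(flows, BASELINE))
```

In the constructed data no single address comes near the per-IP threshold, yet the prefix as a whole carries six times its baseline, and the count of distinct destinations shows how widely the load is spread.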