Distributed denial-of-service attacks have quickly become one of the favorite tools among cyber criminals around the world. It appears some groups are taking things to the next level by leveraging the CLDAP protocol. As a result, they can amplify their DDoS attacks by as much as 700%. This is a very troublesome development, to say the least.
CLDAP PROTOCOL IS NOW A CRIMINAL TOOL
For those people who are unaware of what the CLDAP protocol is, allow us to briefly explain. It is a communication protocol used to connect, search, and modify internet directories. As one would expect, this particular protocol provides high performance at all times, as it can pump through data at an accelerated pace. So far, this protocol has only been used among network administrators to query data with relative ease.
Unfortunately, all good technologies are often used for nefarious purposes, and the CLDAP protocol is no different in this regard. A new report has surfaced, indicating criminals use CLDAP to amplify their direct denial-of-service attacks. It is believed they can make such attacks up to 70 times as powerful as before, which does not bode well for any part of the global internet infrastructure.
Researchers claim cybercriminals have been abusing the CLDAP protocol since late last year. That is quite a worrisome thought, although it is unclear which companies or services were targeted exactly. DDoS attacks leveraging the CLDAP protocol is not a positive development, as it only allows cybercriminals to shut down online services and platforms more easily. The last thing this world needs is more tools for online criminals to do bigger damage with less effort.
The amplification part of the CLDAP protocol is of particular concern to security researchers right now. By using the CLDAP protocol, DDoS attackers can artificially increase the number of times a data packet is enlarged. At its peak, the CLDAP protocol can increase data packet sizes by as much as 700%. To be more specific, One bit of data sent through a DDoS attack over the CLDAP protocol results in the target receiving 700 bytes of data.
So far, researchers have discovered over four dozen DDoS attacks leveraging the CLDAP protocol. That is quite a significant number, although it is only a hint of what the future will hold. Given the vulnerability of the Internet of Things devices, leveraging a hundred devices can now become as powerful as using 7,000 devices in a coordinated DDoS attack. It wouldn’t take much effort to shut down websites, online banking portals or even DNS service provides such as DynDNS.
To put this latter part into perspective, it takes 1 Gbps of sustained HTTP requests to shut down the average website. The biggest DDoS attack leveraging CLDAP put through 24 Gbps, and that was merely a test to see how well the protocol would hold up under sustained throughput. It is evident things will get a lot more troublesome from here on out. Anti-DDoS providers will need to find ways to filter CLDAP traffic rather than try to block it, as they will fall woefully short otherwise.