Telegram, Wikipedia, AWS: In 2019, there were new reports every month about DDoS attacks and their consequences for the economy, administration and society, ranging from blackmail and vandalism to political and economic protest. The following incidents attracted particular attention, as they had serious consequences.
The Anonymous group called for DDoS attacks against Zimbabwe’s state administrative and financial websites earlier this year as a political protest.
In June, DDoS attacks crashed Telegram’s Messenger app. The Telegram boss suspected that the Chinese government was behind the attacks, as they coincided with the protests in Hong Kong.
The British Labour Party’s website and other digital communication platforms were sabotaged in November in the middle of the election campaign.
Networks and IT infrastructures of schools and universities are regularly targeted by attackers. In February, the Magister learning platform was unavailable to tens of thousands of secondary school pupils in the Netherlands – and, with that, also timetables, exercise material and homework information. The University of Albany in New York State was attacked more than a dozen times within two weeks in February/March.
Over a period of one week in October, use of the University of Kiel’s 30,000 computers and their installed browser and mail programs was made slow or impossible.
A group called Turkish Hackers attacked numerous hosting and Internet service providers in Italy in May 2019 and demanded protection money in Bitcoins.
Companies in Germany, Austria and Switzerland received serious blackmail emails purporting to be from Fancy Bear. By carrying out warning attacks, the perpetrators showed how serious they were about their demands.
At the beginning of September, Wikipedia pages went offline for hours in many countries of the world. IoT devices are said to have been misused for the attack.
The fact that Amazon Web Services (AWS) was unavailable for eight hours in large parts of the world in October caused a huge media response and a presumed damage of over 100 million euros to companies that use it.
The mostly unknown attackers employed both tried and test techniques alongside new methods. Techniques such as UDP floods, which generate large attack volumes, have been in use since the early days of DDoS attacks 20 years ago. They have lost none of their danger and volume potential. By combining UDP floods with reflection amplification techniques, which send attacks via other servers and thus amplify them, there are no upper limits to the attack bandwidths. DNS reflection and CLDAP amplification were not only detected particularly frequently in 2019, but were also regularly the decisive vectors for increasing attack bandwidths.
DDoS attackers are always looking for and finding new vulnerabilities and methods to bypass existing protection solutions and cause system overloads. According to observations by Link11, two new attack vectors appeared on the scene in the second half of 2019: They aimed WS Discovery and Apple Remote Protocol, both of which have been in service since 2005.
At the same time, the half-life for new vectors appears to have decreased. Reflection amplification vectors such as memcached reflection or CoAP made headlines in 2018. In 2019, they were hardly seen anymore.
DDoS attacks are not only a growing challenge for companies, but also for security services worldwide. In Germany, the Federal Office for Information Security (BSI) spoke of a constantly tense threat situation in 2019. The Federal Office gave five reasons for this:
In Germany, DDoS attacks were the second most common type of attack in recent months after malware infections. According to the Cyber Security Survey by the Alliance for Cyber Security, they accounted for 18% of all attacks.
According to Europol, DDoS attacks were among the biggest cyber threats after phishing and ransomware. The European police authorities cite extortion as the main driver of the attacks that were reported to the police. Europol identified the financial sector and the public sector as the most common targets.
The U.S. Department of Homeland Security has drawn particular attention to the danger posed by growing attack volumes: DDoS bandwidths have increased tenfold over the past five years. The authority doubts whether the current network infrastructure will be able to withstand future attacks. The Ministry is also concerned about the growing number of unsafe IoT devices that can be misused for DDoS attacks.
DDoS attacks and combating them will remain an important topic for IT security managers in 2020. What types of attacks will companies and the public sector face in the coming months?
According to LSOC observations, the average attack bandwidth increased by approx. 10% in one year. For 2019 it was 5.1 Gbps. And rising! In view of companies’ very narrow-band external connections, comparatively low bandwidths are unfortunately still sufficient to cause the greatest possible damage with minimum effort.
The proportion of intelligent multi-vector attacks increases every year. In 2019 it was over 50 percent. The attackers used the different attack techniques either simultaneously or in a staggered manner, whereby they targeted different levels and vulnerabilities. This attack methodology requires more defensive effort, since all individual vectors must be identified in order to recognize a pattern.
DDoS attacks carried out using cloud servers, among other things, are no longer the exception, but the rule. While in 2018 it was only every third attack, in 2019 it was every second attack. At the same time, attackers are increasingly targeting the cloud instances and products themselves, often turning the cloud into a weapon against the companies themselves.
DDoS attackers are under pressure to constantly identify new vulnerabilities and thus increase the chances of success of their attacks. It remains to be seen which new methods and protocols will shape the threat landscape in the coming months. What is certain, however, is that they will come.
The dynamic threat situation described above will present companies with ever new challenges in 2020. This applies to both detecting and combating attacks. A security strategy that takes into account the latest threat scenarios is absolutely essential. Companies should therefore seek external advice to determine which specialized security solutions minimize the risks from attacks. AI-based systems promise effective protection in this regard, which significantly exceeds that of conventional solutions.