The Massachusetts Institute of Technology (MIT) has been targeted by more than 35 DDoS campaigns so far in 2016, aimed at several different targets and using a variety of techniques.
An investigation by Akamai SIRT revealed that close to 43% of the attack vectors leveraged during these campaigns were DDoS reflection and amplification vectors. Attacks originated from a combination of devices vulnerable to reflection abuse and spoofed IP sources.
The largest attack campaign peaked at 295Gbps and consisted solely of a UDP flood. Akamai said that this originated with a malware variant known as STD/Kaiten.
Prior to that, the largest attack peaked at 89.35 using a combination of UDP flood, DNS flood and UDP fragment attack vectors—a hallmark of so-called booter or stresser services. During the campaign, attackers targeted a total of three destination IP addresses.
“Unlike Xor, these kinds of attacks are more accessible to a much larger population of malicious actors,” Akamai said in a threat advisory shared with Infosecurity. “The fact is, almost anyone with motivation and enough knowledge to determine the IP of their target can launch these attacks at low cost. A recent look at the pricing of popular sites offering DDoS stresser services shows this can be performed for as little as $19.99 per month.”
The domains abused for amplification of attack responses included cpsc.gov and isc.org. The domain owners themselves are not at fault and don't feel the effects of these attacks. Attackers simply abuse open resolvers by sending them a barrage of spoofed DNS queries in which the source IP is set to the MIT target IP, Akamai explained.
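The reflection pattern described above can be recognised at the target's network edge: the victim receives DNS responses for queries it never sent. The following Python example is an added illustration, not code from Akamai's advisory or this article; the packet records, documentation-range IP addresses, sizes, function name and thresholds are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample of DNS packets seen at a network edge (not real traffic).
# Fields: time (s), source IP, destination IP, kind, DNS transaction ID,
# query name, packet size in bytes.
SAMPLE = [
    (0.00, "192.0.2.10", "198.51.100.53", "query", 0x1A2B, "example.org", 72),
    (0.02, "198.51.100.53", "192.0.2.10", "response", 0x1A2B, "example.org", 140),
    (1.00, "203.0.113.5", "192.0.2.10", "response", 0x0001, "isc.org", 3900),
    (1.01, "203.0.113.6", "192.0.2.10", "response", 0x0002, "isc.org", 3900),
    (1.01, "203.0.113.7", "192.0.2.10", "response", 0x0003, "cpsc.gov", 4000),
    (1.02, "203.0.113.8", "192.0.2.10", "response", 0x0004, "isc.org", 3900),
    (1.03, "203.0.113.9", "192.0.2.10", "response", 0x0005, "cpsc.gov", 4000),
    (1.03, "203.0.113.5", "192.0.2.10", "response", 0x0006, "cpsc.gov", 4000),
]

def find_reflected_dns(packets, min_resolvers=2, window=5.0):
    """Return {(victim_ip, qname): stats} for DNS responses that answer no
    query the victim sent, grouped by victim and query name."""
    pending = {}  # (client, resolver, txid, qname) -> time the query left
    hits = defaultdict(lambda: {"resolvers": set(), "packets": 0, "bytes": 0})
    for ts, src, dst, kind, txid, qname, size in sorted(packets):
        if kind == "query":
            pending[(src, dst, txid, qname)] = ts
            continue
        sent = pending.pop((dst, src, txid, qname), None)
        if sent is not None and ts - sent <= window:
            continue  # solicited: answers a recent query from this host
        # Unsolicited response: the query was sent by someone else with the
        # victim's address as its source, so the resolver replies to the victim.
        h = hits[(dst, qname)]
        h["resolvers"].add(src)
        h["packets"] += 1
        h["bytes"] += size
    # Many distinct resolvers answering the same name is the reflection signature.
    return {k: {**v, "resolvers": sorted(v["resolvers"])}
            for k, v in hits.items() if len(v["resolvers"]) >= min_resolvers}

if __name__ == "__main__":
    for (victim, qname), s in find_reflected_dns(SAMPLE).items():
        print(victim, qname, s["packets"], "pkts", s["bytes"], "bytes",
              len(s["resolvers"]), "resolvers")
```

The per-name byte totals show which abused domains contribute most of the inbound volume, which helps when asking an upstream provider to filter or rate-limit those responses.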