Attackers are harnessing the power of the internet, leveraging the proliferation of devices in the ever-expanding internet of things (IoT) to launch terabit-per-second–scale distributed denial-of-service (DDoS) attacks, according to NETSCOUT’s 2018 Threat Intelligence Report.
DDoS attackers represent a wide range of actors with various motivations. While some are malware authors, others are opportunistic criminals taking advantage of affordable services for hire. “They are a busy group, constantly developing new technologies and enabling new services while utilizing known vulnerabilities, pre-existing botnets and well-understood attack techniques,” the report stated.
Additionally, DDoS attacks continue to grow in size, volume, frequency and range of targets, with advanced persistent threat (APT) groups expanding beyond traditional areas. Attackers are using new DDoS attack vectors and methods, with 2018 giving way to the DDoS terabit attack era. Thus far, the largest DDoS attack ever recorded was 1.7Tbps, NETSCOUT Arbor wrote in a press release.
The first half of 2018 saw 47 DDoS attacks larger than 300Gbps, nearly seven times the number of attacks seen during the same period in 2017. “DDoS activity now often involves hundreds of thousands—or even millions—of victims who largely serve to amplify the attack or end up as collateral damage, as indicated by the SSDP diffraction attacks that originated in 2015 and resurfaced this year,” the report stated.
The threat landscape is moving more rapidly as attackers modify their tactics, according to Hardik Modi, head of ASERT. “Methods that are commonplace in the DDoS threat tool kit have sprung to crimeware and espionage. This accelerating internet-scale threat paradigm changes the frontiers for where and how attacks can be launched, observed and interdicted.”
The report also found that state-sponsored activity has become more commonplace, with a broad tier of nation-state APT groups leveraging internet-scale attacks, such as NotPetya, CCleaner and VPNFilter. In addition, crimeware actors, inspired by these large-scale global attacks, have adopted the self-propagation technique, which allows malware to spread more easily and rapidly.