Report: Two-thirds of DDoS attacks take aim at communications service providers


In what should be a cautionary tale for enterprises, communications service providers were targeted by 65% of the distributed denial-of-service attacks in the third quarter of last year, according to a new report.

While it's not unexpected that DDoS attacks are taking aim at communications service providers (CSPs), how the attacks are carried out is the concern. According to Nexusguard's "Q3 2018 Threat Report," the new attack methods exploit the large attack surface of ASN-level (autonomous system number) CSPs by spreading small amounts of attack traffic across hundreds of IP addresses to avoid detection.

Nexusguard said the continued discovery of new attack patterns should serve as a warning for enterprises to pick service providers with the best DDoS-proof systems.



“Perpetrators are using smaller, bit-and-piece methods to inject junk into legitimate traffic, causing attacks to bypass detection rather than sounding alarms with large, obvious attack spikes,” said Juniman Kasman, chief technology officer for Nexusguard, in a prepared statement. “Diffused traffic can cause communications service providers to easily miss large-scale DDoS attacks in the making, which is why these organizations will need to share the load with the cloud at the network edge to minimize attack impact.”

As a result of the new types of attacks, the attack sizes were 82% smaller in Q3 2018 compared to the same quarter a year ago.


Nexusguard analysts came to the conclusion that the attackers conducted reconnaissance missions to map out the network landscape and identify the mission-critical IP ranges of the targeted CSPs.

After the mapping, the attackers put bits and pieces of junk into legitimate traffic, whose size easily bypassed detection thresholds. Due to the scale involved, mitigating broadly distributed, small-sized attack traffic is more difficult at the CSP level in comparison to the traditional attack methods on a small number of targeted IP addresses.

The “bit-and-piece” attacks observed in the quarter often used open domain name system (DNS) resolvers to launch what is commonly known as DNS amplification, with each targeted IP address receiving only a small number of responses in each campaign. This method of attack makes it difficult for CSPs to trace the infected traffic back to its origins.

Nexusguard said that "black-holing" all traffic to an entire IP prefix would be costly for the CSPs, because black-holing would also block access to a large number of legitimate services.
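Why a per-address threshold misses this pattern while a per-prefix aggregate catches it can be shown on a small set of flow records. The following is an added example, not code from Nexusguard or from this article; the record format, thresholds, function names and sample flows are all assumptions constructed for illustration.

```python
from collections import defaultdict
from ipaddress import ip_network

# Assumed thresholds for one measurement window (bytes); tune to the network.
PER_IP_LIMIT = 1_000_000
PER_PREFIX_LIMIT = 5_000_000
MIN_SPREAD = 50  # distinct destinations before a prefix counts as "diffused"

def build_sample_flows():
    """Constructed UDP flow records: (src_port, dst_ip, bytes)."""
    flows = [(53, "198.51.100.10", 20_000)]        # ordinary DNS replies
    flows += [(53, "192.0.2.5", 2_000_000)]        # classic single-target flood
    # Bit-and-piece pattern: 200 hosts in one /24 each receive a small slice.
    flows += [(53, f"203.0.113.{h}", 40_000) for h in range(1, 201)]
    flows += [(443, "203.0.113.7", 9_000_000)]     # non-DNS traffic, ignored
    return flows

def analyse(flows, prefix_len=24):
    """Sum DNS-response bytes per destination IP and per destination prefix."""
    per_ip = defaultdict(int)
    per_prefix = defaultdict(int)
    members = defaultdict(set)
    for src_port, dst_ip, nbytes in flows:
        if src_port != 53:  # keep only traffic sourced from DNS resolvers
            continue
        prefix = str(ip_network(f"{dst_ip}/{prefix_len}", strict=False))
        per_ip[dst_ip] += nbytes
        per_prefix[prefix] += nbytes
        members[prefix].add(dst_ip)
    # Traditional view: one address crosses the per-IP threshold.
    ip_alerts = sorted(ip for ip, b in per_ip.items() if b > PER_IP_LIMIT)
    # Diffused view: the prefix total is high, spread over many addresses,
    # and no single address would have raised a per-IP alert.
    diffused = sorted(
        p for p, b in per_prefix.items()
        if b > PER_PREFIX_LIMIT
        and len(members[p]) >= MIN_SPREAD
        and all(per_ip[ip] <= PER_IP_LIMIT for ip in members[p])
    )
    return ip_alerts, diffused

if __name__ == "__main__":
    ip_alerts, diffused = analyse(build_sample_flows())
    print("per-IP alerts:", ip_alerts)
    print("diffused-prefix alerts:", diffused)
```

In the sample data each of the 200 addresses receives 40,000 bytes, far below the per-IP limit, yet the /24 as a whole receives 8,000,000 bytes and is flagged only by the prefix-level check.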

The report also found that China advanced its lead in global attack origins by contributing more than 23% of the worldwide campaigns, while 15% of the attacks originated in the U.S.

The report also found that Simple Service Discovery Protocol amplification attacks increased 639.8% in Q3 of last year compared to Q2 2018 because of the new patterns targeted at CSPs.

According to a report last month by ABI Research, the security analytics market will reach revenues of $12 billion by 2024.
