Tuesday, 26 March 2019

A10 Networks sounds alarm on DDoS threat from IoT

• China, Korea, and India among the top countries hosting DDoS weapons

• Internet of Things (IoT) devices using machine-to-machine communications protocol increasingly exploitable

A total of 23,487,185 distributed denial of service (DDoS) weapons are currently in the wild, according to A10 Networks’ latest State of DDoS Weapons Report.

Weapons are hosted in countries with a dense Internet-connected population. China and the US currently host the largest number of DDoS weapons, with 6,114,312 and 2,636,103 weapons respectively. Other Asian countries hosting DDoS weaponry include Korea at 872,744 weapons, and India with 615,239 weapons.

The study found that the number of connected devices is growing faster than the number of connected people. According to A10 Networks, it has taken over 25 years since the birth of the Internet to connect 55% of the 7.6 billion people on the planet. This is a linearised rate of 4.6 people per second. 

The IoT is growing at a rate of 127 connected devices per second, before the advent of 5G. Given that these devices are the perfect host for botnets, the amount of DDoS weaponry available to attackers will grow significantly too. According to the study, the problem will go hyperscale with 5G.

A10 Networks also stated that the largest DDoS attacks have one thing in common: amplification. This attack strategy sends volumes of small requests to exposed servers, with each request bearing the spoofed IP address of a victim. Instead of returning a single reply to each request, these servers send the victim far more response traffic than normal. This overwhelms the victim’s server even more quickly than usual.

UDP-based services on servers that can amplify an attack include DNS, NTP, SSDP, SNMP and CLDAP. The study found that China is the country most frequently targeted by DNS resolver-based, SSDP-based, and TFTP-based weapons. Meanwhile, Korea is most frequently attacked with SNMP-based weapons.

The latest IoT threat comes from the Constrained Application Protocol (CoAP). This machine-to-machine management protocol, which does not require authentication to reply with a large response to a small request, is frequently deployed on IoT devices supporting applications such as smart energy and building automation. The study also found that 414,130 vulnerable IoT devices are being used in attacks today. Almost all (98%) of these weapons are located in China.

“Today, cyberdefence is no longer about playing catch-up with criminals. It is about strengthening defences and locating where the threats are,” said Song Tang Yih, VP, Asia Pacific, Sales, A10 Networks.

“Once you know where weapons are located, businesses can build a dynamic weaponry inventory in the form of blacklists made up of millions of suspect IPs. Policies can then be developed to proactively block them. Ultimately, having a proactive defense that harnesses intelligent automation, machine learning, and artificial intelligence to enable zero-touch protection is a necessity.”
