DDoS Attacks and Mitigation

A distributed denial of service (DDoS) attack is one in which a multitude of compromised systems attack a single target, thereby causing denial of service for users of the targeted system. According to the Netscout DDoS Threat Intelligence Report, cybercriminals launched almost 7.9 million DDoS attacks in the first half of 2023, representing a 31% year-over-year increase.

What is DDoS mitigation?

DDoS mitigation is the process of effectively safeguarding a targeted server or network against distributed denial-of-service (DDoS) attacks. This protection is achieved through the use of specialized network equipment or cloud-based protection services, enabling the targeted victim to counter the incoming threat.

A 1H 2021 threat intelligence report from NetScout found that 5.4 million DDoS attacks were launched in the first half of 2021, which shows an 11% year-on-year increase. DDoS attacks are typically launched using botnets to overwhelm a target’s servers. It was also reported that there was a rise in cybercriminals targeting ISPs in 2021 via the Lazarus DDoS extortion campaign, focusing on authoritative domain servers. These DNS servers match IP addresses with domain names and provide details on where websites can be found to recursive DNS nameservers.

In addition to the Lazarus DDoS extortion campaign, the report also showed that adversaries used tracked botnet clusters worldwide to facilitate over 2.8 million DDoS attacks. The Gafgyt and Mirai botnets made up more than half of these reported attacks. The report states, “Ransomware gangs added triple-extortion DDoS tactics to their repertoire. Simultaneously, the Fancy Lazarus DDoS extortion campaign kicked into high gear threatening organizations in multiple industries with a focus on ISPs and specifically their authoritative DNS servers.”

While the Fancy Lazarus DDoS extortion campaign hit hard in 2021, the Mirai botnet has historically been damaging across industries and has always been a threat to companies that are vulnerable to DDoS attacks due to a lack of prevention tools and best practices.

Mirai, which is Japanese for “The Future”, is a botnet first found in August 2016. Mirai scans the internet for Internet of Things (IoT) devices like IP cameras and home routers, runs the login against a table of more than 60 common factory default usernames and passwords, and logs in to infect the device. Infected devices continue to function normally, except for occasional sluggishness and increased bandwidth use, so the infection is difficult for a normal home user to notice or identify. Upon infection, Mirai identifies “competing” malware, removes it from memory, and blocks remote administration ports, essentially closing the door behind it. Infected devices monitor a Command and Control (C&C) server for instructions on intended targets.
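Because an infected device keeps working and the owner rarely notices, the scanning described above is usually easier to spot on the network than on the device. The following is an added example, not code from the original article: it flags internal hosts that contact many distinct external addresses on Telnet within a short window. The flow record format, the LAN range and the thresholds are assumptions, as is the use of TCP ports 23 and 2323, which Mirai's scanner is known to probe but which the article does not name.

```python
import ipaddress
from collections import defaultdict

TELNET_PORTS = {23, 2323}                          # assumption: ports Mirai's scanner probes
INTERNAL = ipaddress.ip_network("192.168.0.0/16")  # assumption: the monitored LAN range

def parse_flow(line):
    """Parse 'epoch_seconds src dst dport' (constructed record format)."""
    ts, src, dst, dport = line.split()
    return int(ts), ipaddress.ip_address(src), ipaddress.ip_address(dst), int(dport)

def find_scanning_devices(lines, window_s=60, min_targets=10):
    """Return {internal_src: peak count of distinct external Telnet targets
    seen inside any window_s-second window}, for sources reaching min_targets."""
    events = defaultdict(list)                     # src -> [(ts, dst), ...]
    for line in lines:
        if not line.strip():
            continue
        ts, src, dst, dport = parse_flow(line)
        if dport in TELNET_PORTS and src in INTERNAL and dst not in INTERNAL:
            events[src].append((ts, dst))
    flagged = {}
    for src, seen in events.items():
        seen.sort(key=lambda e: e[0])
        start, best = 0, 0
        counts = defaultdict(int)                  # dst -> hits inside the window
        for ts, dst in seen:
            counts[dst] += 1
            while ts - seen[start][0] > window_s:  # drop events older than the window
                old = seen[start][1]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                start += 1
            best = max(best, len(counts))
        if best >= min_targets:
            flagged[str(src)] = best
    return flagged

def sample_flows():
    """Constructed sample: a camera sweeping Telnet, a laptop with ordinary traffic."""
    cam = [f"{1000 + i} 192.168.1.50 203.0.113.{i + 1} {23 if i % 4 else 2323}"
           for i in range(25)]
    laptop = ["1005 192.168.1.20 198.51.100.7 23", "1010 192.168.1.20 198.51.100.7 23",
              "1015 192.168.1.20 192.168.1.1 23", "1020 192.168.1.20 198.51.100.9 443"]
    return cam + laptop

if __name__ == "__main__":
    print(find_scanning_devices(sample_flows()))
```

A flagged address is a candidate for isolation and a factory reset with new credentials; thresholds need tuning to the site's normal Telnet usage.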

Mirai was used in the 2016 DDoS attack on Brian Krebs’s website, “Krebs on Security”, which reportedly reached 620 Gbit/s. Ars Technica also reported a 1 Tbit/s attack on French web host OVH. On October 21st, 2016, multiple major DDoS attacks on the DNS services of DNS service provider Dyn were carried out using Mirai malware, resulting in the inaccessibility of several high-profile websites such as GitHub, Twitter, Reddit, Netflix, Airbnb, and many others.

Make sure that your organization is implementing the right DDoS prevention tools and methods by contacting Thrive today. There’s no need to feel alone in the security world. Let our highly trained professionals assist with mitigation technologies and help protect against bulk volumetric, layer 7 application, and SSL/HTTPS DDoS attacks.