FBI warns of disruptive DDoS amplification attacks

The Bureau expects cybercriminals to increasingly abuse new threat vectors for large-scale DDoS attacks



The Federal Bureau of Investigation (FBI) has issued an alert warning private sector organizations in the United States about a ramp-up in the use of built-in network protocols for large-scale distributed denial-of-service (DDoS) amplification attacks.


“A DDoS amplification attack occurs when an attacker sends a small number of requests to a server and the server responds with more numerous responses to the victim. Typically, the attacker spoofs the source Internet Protocol (IP) address to appear as if they are the victim, resulting in traffic that overwhelms victim resources,” wrote the FBI. The alert has been posted online, including on the website of the New Jersey Cybersecurity and Communications Integration Cell (NJCCIC).


The FBI highlights recent threat vectors and developments, noting that the first DDoS amplification attacks to abuse the network protocols go back to December 2018, when cybercriminals exploited the multicast and command transmission features of the Constrained Application Protocol (CoAP). Most of the internet-accessible CoAP devices can be found in China and are using peer-to-peer networks.


During the summer of 2019, attackers took aim at the Web Services Dynamic Discovery (WS-DD) protocol to launch more than 130 DDoS attacks, some of which achieved a magnitude of 350 gigabits per second. Internet of Things (IoT) devices use the WS-DD protocol to automatically detect other devices nearby, and since there are 630,000 devices with this protocol enabled, they can be attractive targets for amplifying DDoS attacks. That same year, researchers also reported a rise in the use of misconfigured IoT devices in amplified DDoS attacks.
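On the receiving side, reflected traffic of the kind the FBI describes shows up as UDP replies that the local host never requested, arriving from many reflectors at once. The following is an added example, not part of the original article or the FBI alert: a small flow-record check for unsolicited CoAP and WS-DD replies. The port numbers (UDP 5683 and 3702) are the protocols' standard ports and are not stated on this page; the function name, thresholds and sample flows are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Standard UDP ports of the two protocols named in the alert (not from the page).
REFLECTOR_PORTS = {5683: "CoAP", 3702: "WS-DD"}

def find_reflected_floods(flows, local_net, min_reflectors=3, min_bytes=10_000):
    """Flag local hosts receiving unsolicited UDP replies from many reflectors.

    flows: iterable of (src_ip, src_port, dst_ip, dst_port, nbytes) UDP records
    in time order. A reply counts as solicited only if the local host earlier
    sent a datagram to that same remote ip:port. Requests with a spoofed source
    never appear in our own outbound flows, so their replies look unsolicited.
    """
    net = ipaddress.ip_network(local_net)
    asked = set()  # (local_ip, remote_ip, remote_port) seen outbound
    stats = defaultdict(lambda: {"bytes": 0, "reflectors": set()})
    for src, sport, dst, dport, nbytes in flows:
        src_local = ipaddress.ip_address(src) in net
        dst_local = ipaddress.ip_address(dst) in net
        if src_local and not dst_local:
            asked.add((src, dst, dport))
        elif dst_local and not src_local and sport in REFLECTOR_PORTS:
            if (dst, src, sport) in asked:
                continue  # legitimate reply to our own request
            entry = stats[(dst, REFLECTOR_PORTS[sport])]
            entry["bytes"] += nbytes
            entry["reflectors"].add(src)
    # Report only hosts hit by enough distinct reflectors and enough volume.
    return {
        key: (len(v["reflectors"]), v["bytes"])
        for key, v in stats.items()
        if len(v["reflectors"]) >= min_reflectors and v["bytes"] >= min_bytes
    }

# Constructed sample flows using documentation address ranges, not real traffic.
SAMPLE_FLOWS = [
    ("192.0.2.10", 40000, "203.0.113.5", 5683, 60),    # our own CoAP request
    ("203.0.113.5", 5683, "192.0.2.10", 40000, 900),   # its solicited reply
    ("198.51.100.1", 3702, "192.0.2.20", 80, 6000),    # unsolicited WS-DD replies
    ("198.51.100.2", 3702, "192.0.2.20", 80, 6000),
    ("198.51.100.3", 3702, "192.0.2.20", 80, 6000),
    ("198.51.100.4", 5683, "192.0.2.30", 53, 500),     # lone stray CoAP reply
]

if __name__ == "__main__":
    hits = find_reflected_floods(SAMPLE_FLOWS, "192.0.2.0/24")
    for (victim, proto), (count, nbytes) in hits.items():
        print(f"{victim}: {nbytes} bytes of unsolicited {proto} from {count} reflectors")
```

In production the thresholds would be tuned to the link's normal traffic, and a sustained match is the signal to request upstream filtering of the affected source ports.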


In October 2019, miscreants abus ..