Dive Brief:
- Distributed denial of service attacks surged during the second quarter as criminal and state-linked hacking organizations unleashed a number of sophisticated attacks against critical infrastructure providers and other organizations across the globe, Cloudflare said in a report released Tuesday.
- Experts linked pro-Russia hacktivist groups, including Killnet and Anonymous Sudan, to recent major DDoS attacks against Microsoft and threats against financial centers in the U.S. and Europe.
- Cloudflare research shows a sharp increase in deliberately engineered and targeted DNS attacks.
Dive Insight:
Cloudflare researchers report "alarming" increases in highly randomized and sophisticated HTTP DDoS attacks in recent months.
“In some cases, these types of attacks are virtually indistinguishable from legitimate user traffic,” Omer Yoachimik, product manager of Cloudflare’s DDoS protection service, said via email. “Attackers have shown they are able to excel at imitating browser behavior which makes it especially challenging to filter the bad traffic without impacting legitimate traffic.”
Among the most serious attacks during the quarter, researchers noted an ACK flood DDoS attack that originated from a Mirai-variant botnet comprising about 11,000 IP addresses. The attack targeted an internet service provider in the U.S. and peaked at 1.4 terabits per second.
Mattias Wåhlén, threat intelligence expert at Truesec, said the rise in DDoS attacks is linked to the increased use of flooding attacks, which are considered much more difficult to defend against than traditional DDoS attacks.
“These attacks are far more effective, as they tie [up] much more of the server’s capacity,” Wåhlén said.
In June, the Cybersecurity and Infrastructure Security Agency urged organizations to monitor their computer networks and exercise vigilance in order to determine whether outages were maintenance-related or linked to an attack.
Hacktivists earlier this month claimed to have attacked payments company Stripe and the Treasury Department’s Electronic Federal Tax Payment System.
Anonymous Sudan is now claiming a DDoS attack against the National Institute of Standards and Technology, Wåhlén said. NIST officials are investigating an outage that took place between 2 a.m. and 3 a.m. on Tuesday, according to an agency spokesperson.