Geopolitical events fuel uptick in region-specific DDoS attacks

An attack research group was the No.1 target of DDoS attacks, and the Middle East region also saw a sharp increase in attacks last quarter, according to Nexusguard.

Researchers found the attack type of choice against researchers was NTP, with some victims receiving attacks almost daily. The increase in attacks against researchers contributed to the spike in popularity of NTP-style attacks, taking back the No.1 spot from DNS vulnerabilities.

“Low-level attacks are usually not intended to necessarily deny service, but rather are used to distract security personnel and their logging tools. We call this kind of attack Dark DDoS because it acts as a smokescreen to distract IT teams from the real breach that’s taking place, which could involve data being exfiltrated, networks being mapped for vulnerabilities, or a whole host of other potential risks due to hackers’ actions,” Dave Larson, COO at Corero Network Security, told Help Net Security.

Attack duration

Security analysts also found most attacks lasted under 10 minutes, and had a mean time of five minutes. The decrease in duration could be related to the continued rise in popularity of DDoS-for-hire services, which have led to shorter attack times. As a result, Nexusguard analysts recommend organizations implement monitoring systems that can detect events on a second- or sub-second interval.

“As hackers look for new ways to leverage DDoS attacks, they have realised that short duration, sub-saturating attacks are more difficult to defeat, because they evade traditional cloud-based scrubbing centres. It stands to reason that if an attack is not seen, then it’s not cleaned up. Even if a scrubbing centre solution is activated – usually 30 minutes after the attack has been initiated – the damage has already been done. The best way to defend against these low-level, sub-saturating attacks is to use a real-time, inline DDoS mitigation solution that automatically and immediately detects and blocks such attacks,” Larson concluded.

“Researchers and their related groups are becoming high-valued targets for digital criminals. We have seen this in the past, but never as a primary target for a whole quarter,” said Terrence Gareau, chief scientist at Nexusguard. “We also found that the rise in DDoS-for-hire services is drastically changing the threat landscape, and organizations need to ensure their networks can handle new attack breeds.”

Targets by country

In studying the top 10 list of targets by country, the United States and China returned to the first and second positions, suffering more than 49,000 combined attacks.

Turkey fell out of the rankings, reinforcing Nexusguard’s previous speculation that the peak of these attacks in Q4 2015 was related to tensions between Russia and Turkey that occurred at the time.

Middle Eastern countries saw an 83 percent increase in the number of attacks in Q1, and researchers predict there will be more attacks against countries in the region as tensions continue to rise.