DDoS attacks down in number but volume of assaults up massively

By Martyn Warwick

Aug 8, 2018

via Flickr © SurfaceWarriors (CC BY-SA 2.0)

  • Evolution of Internet-scale assaults continues to accelerate even as they mutate
  • First ever terabit attack happened in February this year
  • Traditional wireline telcos are the most frequently attacked
  • Big cyber-criminal focus on crypto-currency mining and theft

After yesterday's revelation that the Chairman of the US Federal Communications Commission, "Porkies" Pai, simply made up the story about the agency suffering a massive DDoS attack that brought down the FCC's servers and loudly insisted that the attack was instigated by a shadowy cabal of unnamed conspirators, it transpires that the outage was actually caused by a huge number of concerned citizens exercising their right to register their disapproval of the bulldozing through of a new net neutrality regime that rescinded regulatory protections introduced by the somewhat different regime that was in place during the years Barack Obama was president of the US. It was fake news trumpeted out in what has, unfortunately, now become the new norm of aggressive, unverifiable bombast.

So as a counterbalance, here is a piece of real news, based on real, verifiable facts. Netscout Systems Inc., the Westford, Massachusetts-headquartered provider of network performance management, service assurance, security and business analytics products and services, has released a research report showing that telecoms providers are at the very top of the list of prime targets where DDoS attacks are concerned. Not only that, but the volume of attacks detected continued to rise and rise over the course of the past 12 months.

Netscout monitors some 33 per cent of global Internet traffic and the company's 2018 Threat Intelligence Report covers the latest cyber attack trends ranging from what is called "Nation State Threat Advanced Persistent Threat" (APT), through to criminal groups, crimeware operations and DDoS attacks and concerted multi-vector campaigns.

The report shows that there were actually fewer DDoS attacks over the year in question but those that did take place were at a much higher volume. Indeed there was a 174 per cent increase in DDoS attacks between July 2017 and July 2018. A record of some sort was set in February when the first terabit (actually 1.7 Tbps) DDoS attack was recorded. It was later successfully countered and mitigated, but the trend towards bigger and bigger attacks is evident and others are now regarded as inevitable.

Over the course of the first six months of this year there were 47 DDoS attacks greater than 300Gbps globally. There were a mere seven over the same period in 2017. Between January and June this year the Asia Pacific region was particularly heavily targeted. At least 35 attacks greater than 300Gbps were recorded as opposed to just five attacks for the first half of last year.

Traditional wireline telcos at the top of the hit list

Interestingly, and ominously, traditional wireline-centric telcos are the most popular vertical target for cyber-criminals. An astonishing 793,377 known attacks have been recorded so far this year. It's a huge figure but it is actually a numerical improvement on 2017 when 996,495 attacks were reported. However, the massive volume of DDoS attacks is continuing to grow and an attack or attacks in excess of the current 'record' of 1.7 Tbps is expected soon, so things are certainly not improving.

Also high on the list of the Top Ten Targets is international affairs. Now the sixth most targeted vertical, international affairs did not feature at all in last year's listings. The sector includes public administration, embassies, consulates, the International Monetary Fund, the US State Department and the United Nations amongst many other organisations.

As APT groups expand and proliferate, state-sponsored activity has developed to such an extent that a wide range of nation states are routinely found to be conducting closely targeted cyber attacks and Internet-scale selective intrusions. As you might expect, the usual suspects include Iran, North Korea and Russia.

In addition to concerted attempts by APT groups to disrupt and pervert democracy and foster and promote populism, so-called 'crimeware' gangs are refining, perfecting and diversifying their attack methodologies. They are taking their cue and inspiration from the infamous WannaCry ransomware attack of 2017, which was targeted at computers running the Microsoft Windows OS.

WannaCry encrypted all the data it touched and infected and then the cyber-criminals demanded ransom payments to restore the data, ransoms that had to be paid in Bitcoin cryptocurrency. WannaCry propagated very quickly and within a matter of a couple of days it had infected more than 250,000 computers across 150 countries and caused massive economic damage worth billions of dollars. The attack was ended only when a 'kill switch' was discovered by those seeking to stop the assault. Security experts from around the world later announced that WannaCry originated from North Korea.

But that was then, and crimeware gangs have learned and are now using sophisticated self-propagation methods to ensure that attacks can't be eliminated via a simple kill switch. Their new tactics enable malware to spread much more quickly and with greater ease, and the villains still want paying in Bitcoin. Simultaneously, crimeware groups are also concentrating on cryptocurrency mining and quick-fire, multi-vector attacks.

And, finally and by the way, for those out there not au fait with the Cockney rhyming slang that is embedded so deep in English colloquial language and culture, "pork pie" (a revered part of British cuisine) is rhyming slang for "lie". Thus 'telling porkies' is being "economical with the verité" as one infamous politician had it when caught lying through his teeth to the British Parliament.
