Threat actors have finally started using a Distributed Denial of Service (DDoS) method that has the potential to be hundreds of times stronger than the strongest recorded attacks.
Cybersecurity researchers from Akamai recently published a report detailing a DDoS attack that abuses middleboxes, reaching 11 Gbps and 1.5 million packets per second.
We say “finally”, because this type of attack was first theorized almost a year ago by security researchers at the University of Maryland and the University of Colorado at Boulder.
Hundreds of thousands of misconfigured servers
The researchers’ paper noted there is an entire swarm of misconfigured servers out there, counting more than 100,000 endpoints, that could be abused to amplify the data threat actors use in their DDoS attacks.
These servers, also known as middleboxes, are usually deployed by nation-states to censor unwanted content and to block pirated material, pornography, or gambling sites.
The misconfiguration lies in the fact that these servers don’t follow the Transmission Control Protocol (TCP) specification, which requires a three-way handshake before a connection is established.
Akamai says threat actors are already targeting sites in the banking, travel, gaming, media, and web-hosting industries.
Amplification works by spoofing the target’s IP address and bouncing relatively small amounts of data off a misconfigured server used for resolving domain names, syncing computer clocks, or speeding up database caching.
When the server responds, its reply can be hundreds of times larger than the request, easily overwhelming the spoofed target. According to the researchers, the amplification factor ranges from 54 times to an astonishing 51,000 times.
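As an added illustration (not from Akamai’s report or the researchers’ paper), here is a defender-side check in Python that flags what such an attack looks like at the victim: inbound TCP data arriving on connections the victim never opened, which is exactly what a middlebox that skips the handshake produces. The capture, the addresses and the "flow we opened" heuristic are constructed assumptions for the example.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:  # one TCP segment as seen at the victim's network edge
    src: str
    sport: int
    dst: str
    dport: int
    flags: str      # subset of "SAPRF"
    payload: int    # TCP payload bytes

OUR_IP = "203.0.113.10"  # constructed address of the host being protected

# Constructed capture: one flow we opened ourselves, then data from two
# hosts that never received a SYN from us (the middlebox reflection pattern).
SEGMENTS = [
    Segment(OUR_IP, 51000, "198.51.100.5", 443, "S", 0),
    Segment("198.51.100.5", 443, OUR_IP, 51000, "SA", 0),
    Segment(OUR_IP, 51000, "198.51.100.5", 443, "A", 0),
    Segment("198.51.100.5", 443, OUR_IP, 51000, "PA", 1200),
    Segment("192.0.2.77", 80, OUR_IP, 443, "PA", 1460),
    Segment("192.0.2.77", 80, OUR_IP, 443, "PA", 1460),
    Segment("192.0.2.78", 80, OUR_IP, 443, "PA", 1460),
    Segment("192.0.2.79", 80, OUR_IP, 443, "R", 0),  # bare RST: no amplification
]


def find_unsolicited_responses(segments, our_ip):
    """Inbound segments carrying payload on flows our host never opened.
    A compliant server sends data only after the handshake that starts with
    our SYN; a middlebox that skips the handshake answers a spoofed request
    with a block page addressed to us, so the flow has no SYN of ours.
    """
    opened = set()
    for s in segments:
        if s.src == our_ip and "S" in s.flags and "A" not in s.flags:
            opened.add((s.dst, s.dport, s.src, s.sport))
    return [s for s in segments
            if s.dst == our_ip and s.payload > 0
            and (s.src, s.sport, s.dst, s.dport) not in opened]


def bytes_by_reflector(segments):
    """Total unsolicited payload per source, to rank reflectors for filtering."""
    totals = defaultdict(int)
    for s in segments:
        totals[s.src] += s.payload
    return dict(totals)
```

In production the same logic runs against a flow log or a stateful firewall's connection table rather than an in-memory list; hosts that show up here repeatedly are candidates for upstream rate limiting or filtering.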
Discussing Akamai’s findings with Ars Technica, Kevin Bock, lead author of the paper from the University of Maryland and the University of Colorado at Boulder, said he wasn’t surprised.
“We expected that it was only a matter of time until these attacks were being carried out in the wild because they are easy and highly effective. Perhaps worst of all, the attacks are new; as a result, many operators do not yet have defenses in place, which makes it that much more enticing to attackers.”
Via: ArsTechnica