Security News > 2022 > March > Hackers Begin Weaponizing TCP Middlebox Reflection for Amplified DDoS Attacks
Distributed denial-of-service attacks leveraging a new amplification technique called TCP Middlebox Reflection have been detected for the first time in the wild, six months after the novel attack mechanism was presented in theory.
"The attack [] abuses vulnerable firewalls and content filtering systems to reflect and amplify TCP traffic to a victim machine, creating a powerful DDoS attack," Akamai researchers said in a report published Tuesday.
The development comes following an academic study published in August 2021 about a new attack vector that exploits weaknesses in the implementation of TCP protocol in middleboxes and censorship infrastructure to stage reflected denial of service amplification attacks against targets.
While DoS amplification attacks have traditionally abused UDP reflection vectors - owing to the connectionless nature of the protocol - the novel attack technique takes advantage of TCP non-compliance in middleboxes such as deep packet inspection tools to stage TCP-based reflective amplification attacks.
In one of the attacks observed by the cloud security company, a single SYN packet with a 33-byte payload triggered a 2,156-byte response, effectively achieving an amplification factor of 65x. "The main takeaway is that the new vector is starting to see real world abuse in the wild," Seaman said.
"Typically, this is a signal that more widespread abuse of a particular vector is likely to follow as knowledge and popularity grows across the DDoS landscape and more attackers begin to create tooling to leverage the new vector."
News URL
https://thehackernews.com/2022/03/hackers-begin-weaponizing-tcp-middlebox.html
Related news
- Hackers increasingly use Winos4.0 post-exploitation kit in attacks (source)
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)
- Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations (source)
- Hackers breach US firm over Wi-Fi from Russia in 'Nearest Neighbor Attack' (source)
- North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)
- Europol Dismantles 27 DDoS Attack Platforms Across 15 Nations; Admins Arrested (source)
- 390,000 WordPress accounts stolen from hackers in supply chain attack (source)
- Hackers Use Microsoft MSC Files to Deploy Obfuscated Backdoor in Pakistan Attacks (source)