Security News
During the second half of 2021, cybercriminals launched approximately 4.4 million Distributed Denial of Service attacks, bringing the total number of DDoS attacks in 2021 to 9.75 million, a NETSCOUT report reveals. The report details how the second half of 2021 established high-powered botnet armies and rebalanced the scales between volumetric and direct-path attacks, creating more sophisticated operating procedures for attackers and adding new tactics, techniques, and methods to their arsenals.
The attacks are not just growing in number, but also in scale, as the telecommunications company says IoT botnet and amplifier attack capacity exceeds 10Tbps, a significant increase of three-to-four times the size of attacks previously reported. Last year, Nokia shared its findings as part of its DDoS 2021 report, showing that by mid-year the most impactful DDoS were originating from high-bandwidth, high packet-rate, volumetric DDoS attacks.
A massive distributed denial-of-service attack forced Israeli officials Monday to temporarily take down several government websites and to declare a state of online emergency to assess the damage and begin investigating who was behind the incident. In a tweet, the Israel National Cyber Directorate said it had detected the DDoS attack against a communications provider and that several websites had been taken down, though all have since resumed normal activity.
A number of websites belonging to the Israeli government were felled in a distributed denial-of-service attack on Monday, rendering the portals inaccessible for a short period of time. "In the past few hours, a DDoS attack against a communications provider was identified," the Israel National Cyber Directorate said in a tweet.
Rostec, a Russian state-owned aerospace and defense conglomerate, said its website was taken down today following what it described as a "Cyberattack." Rostec claims the website was brought back online quickly and attributed the attack to Ukrainian "Radicals."
DDoS attacks expand as cybercriminals target cloud providers and ransomware victims. Cybercriminals expanded the types of organizations at the receiving end of DDoS attacks.
In a Wednesday threat advisory, Cisco Talos described a campaign it's observed in which a threat actor was offering a supposed distributed denial-of-service tool on Telegram that's purportedly meant to pummel Russian websites. The crisis has brought both new threats and an influx of actors "Of varying skill," Cisco said.
Miscreants have launched massive, amplified distributed denial-of-service attacks by exploiting a vulnerability in Mitel collaboration systems. "This particular attack vector differs from most UDP reflection/amplification attack methodologies in that the exposed system test facility can be abused to launch a sustained DDoS attack of up to 14 hours in duration by means of a single spoofed attack initiation packet, resulting in a record-setting packet amplification ratio of 4,294,967,296:1," the task force added.
The attack vector - dubbed TP240PhoneHome - has been weaponized to launch significant DDoS attacks targeting broadband access ISPs, financial institutions, logistics companies, gaming firms, and other organizations. "Attackers were actively leveraging these systems to launch reflection/amplification DDoS attacks of more than 53 million packets per second."
A new reflection/amplification DDoS method is being used in attacks that provides a record-breaking amplification ratio of almost 4.3 billion to 1. As detailed in a report that Akamai shared with Bleeping Computer before publication, a new attack vector relies on the abuse of insecure devices that serve as DDoS reflectors/amplifiers.