Security News

Malware Posing as Russia DDoS Tool Bites Pro-Ukraine Hackers
2022-03-10 19:54

In a Wednesday threat advisory, Cisco Talos described a campaign it has observed in which a threat actor was offering a supposed distributed denial-of-service tool on Telegram that's purportedly meant to pummel Russian websites. The crisis has brought both new threats and an influx of actors "of varying skill," Cisco said.

Mitel VoIP systems used in staggering DDoS attacks
2022-03-10 12:28

Miscreants have launched massive, amplified distributed denial-of-service attacks by exploiting a vulnerability in Mitel collaboration systems. "This particular attack vector differs from most UDP reflection/amplification attack methodologies in that the exposed system test facility can be abused to launch a sustained DDoS attack of up to 14 hours in duration by means of a single spoofed attack initiation packet, resulting in a record-setting packet amplification ratio of 4,294,967,296:1," the task force added.

Hackers Abuse Mitel Devices to Amplify DDoS Attacks by 4 Billion Times
2022-03-09 05:26

The attack vector - dubbed TP240PhoneHome - has been weaponized to launch significant DDoS attacks targeting broadband access ISPs, financial institutions, logistics companies, gaming firms, and other organizations. "Attackers were actively leveraging these systems to launch reflection/amplification DDoS attacks of more than 53 million packets per second."

DDoS attacks now use new record-breaking amplification vector
2022-03-08 15:00

A new reflection/amplification DDoS method that provides a record-breaking amplification ratio of almost 4.3 billion to 1 is being used in attacks. As detailed in a report that Akamai shared with Bleeping Computer before publication, the new attack vector relies on the abuse of insecure devices that serve as DDoS reflectors/amplifiers.

Imperva Thwarts 2.5 Million RPS Ransom DDoS Extortion Attacks
2022-03-05 22:47

Cybersecurity company Imperva on Friday said it recently mitigated a ransom distributed denial-of-service attack targeting an unnamed website that peaked at 2.5 million requests per second. "While ransom DDoS attacks are not new, they appear to be evolving and becoming more interesting with time and with each new phase," Nelli Klepfish, security analyst at Imperva, said.

Russia Releases List of IPs, Domains Attacking Its Infrastructure with DDoS Attacks
2022-03-04 06:06

As the ongoing Russia-Ukraine conflict continues to escalate, the Russian government on Thursday released a massive list containing 17,576 IP addresses and 166 domains that it said are behind a series of distributed denial-of-service attacks aimed at its domestic infrastructure. As part of its recommendations to counter the DDoS attacks, the agency is urging organizations to ringfence network devices, enable logging, change passwords associated with key infrastructure elements, turn off automatic software updates, disable third-party plugins on websites, enforce data backups, and watch out for phishing attacks.

Hackers Begin Weaponizing TCP Middlebox Reflection for Amplified DDoS Attacks
2022-03-02 20:46

Distributed denial-of-service attacks leveraging a new amplification technique called TCP Middlebox Reflection have been detected for the first time in the wild, six months after the novel attack mechanism was presented in theory. "The attack […] abuses vulnerable firewalls and content filtering systems to reflect and amplify TCP traffic to a victim machine, creating a powerful DDoS attack," Akamai researchers said in a report published Tuesday.

Log4shell exploits now used mostly for DDoS botnets, cryptominers
2022-03-02 15:17

The Log4Shell vulnerabilities in the widely used Log4j software are still leveraged by threat actors today to deploy various malware payloads, including ones that recruit devices into DDoS botnets and plant cryptominers. The threat actor can then control this botnet to perform DDoS attacks against a specific target, depleting its resources and disrupting its online service.

Content filtering devices abused for 65x DDoS amplification
2022-03-01 16:06

Researchers have identified an alarming new trend in DDoS attacks that target packet inspection and content filtering devices to attain enormous 6,533% amplification levels. DDoS attacks are used to take down a server or corporate network by overwhelming network devices such as servers and routers with a large number of bogus requests or very high volumes of garbage data.

Cyber attacks on Ukraine: DDoS, new data wiper, cloned websites, and Cyclops Blink
2022-02-24 12:24

Renewed DDoS attacks have been launched against websites of Ukrainian government agencies and banks. New data wiper malware has been discovered on Ukrainian computers, as well as machines in Latvia and Lithuania.