Security News

DDoS booters use Windows Remote Desktop servers to amplify attacks
2021-01-21 14:18

Windows Remote Desktop Protocol servers are now being abused by DDoS-for-hire services to amplify Distributed Denial of Service attacks. The Microsoft RDP service is a built-in Windows service running on TCP/3389 and/or UDP/3389 that enables authenticated remote virtual desktop infrastructure access to Windows servers and workstations.

Citrix Releases Updates to Prevent DDoS Attacks Abusing Its Appliances
2021-01-05 15:55

Citrix on Monday informed customers that it released firmware updates for its Application Delivery Controller and Gateway products to prevent threat actors from abusing the appliances to launch and amplify distributed denial-of-service attacks. Several people reported a few days before Christmas that they had started seeing DDoS attacks abusing their Citrix ADC and Gateway devices.

Citrix adds NetScaler ADC setting to block recent DDoS attacks
2021-01-04 11:36

Citrix has released a feature enhancement designed to block attackers from using the Datagram Transport Layer Security feature of Citrix ADC and Gateway devices as an amplification vector in DDoS attacks. According to reports that began surfacing on December 21st, 2020, a DDoS attack used DTLS to amplify traffic from susceptible Citrix ADC devices dozens of times.

Attackers Abusing Citrix NetScaler Devices to Launch Amplified DDoS Attacks
2020-12-24 22:33

Citrix has issued an emergency advisory warning its customers of a security issue affecting its NetScaler application delivery controller devices that attackers are abusing to launch amplified distributed denial-of-service attacks against several targets. The desktop virtualization and networking service provider said it's monitoring the incident and is continuing to investigate its impact on Citrix ADC, adding "The attack is limited to a small number of customers around the world."

Citrix confirms ongoing DDoS attack impacting NetScaler ADCs
2020-12-24 06:26

Citrix has confirmed today that an ongoing 'DDoS attack pattern' using DTLS as an amplification vector is affecting Citrix Application Delivery Controller networking appliances with EDT enabled. Reports of the attack started trickling in on December 21st, with customers reporting an ongoing DDoS amplification attack over UDP/443 against Citrix Gateway devices.

Predicting 2021 in cybersecurity: DDoS attacks, 5G speed, AI security, and more
2020-12-18 18:51

That machine-to-machine communication, right? As you speed that up, and you speed up that attacker machine-to-machine communication, you really can start to up-level the ability to conduct these denial of service attacks. While they may not have been necessarily as in fashion, we're seeing that the ransomware trends, and some of those more, you will probably see a resurgence of DDoS attacks is there, but you crank into, and leverage the increased speed, and the increased dependency on IoT devices in a way that we maybe haven't seen them as monetized in the past, connectivity, ransom against connectivity, rather than ransomware files.

Teen who shook the Internet in 2016 pleads guilty to DDoS attacks
2020-12-10 09:24

One of the operators behind a Mirai botnet pleaded guilty to their involvement in a huge DDoS attack that caused a massive Internet disruption during October 2016. The botnet, a variant of the Mirai botnet, was developed by the defendant with the help of others from roughly 2015 until November 2016, specifically to target gaming platforms in DDoS attacks.

Protect your business from DDoS attacks: Join this webinar to find out more
2020-12-04 17:00

With the COVID-19 pandemic leading us all to depend on online services like we never have before, a DDoS attack that takes operations offline can have very serious and long-term consequences for a business. Add to this the huge surge in DDoS attacks this year, with assaults getting bigger, more powerful and disruptive, and it's clear security leaders need to urgently get to grips with how to deal with them.

How prevalent is DNS spoofing? Could a repeat of the Dyn/Mirai DDoS attack have the same results?
2020-12-01 14:03

Carnegie Mellon University PhD student Aqsa Kashaf and her advisors Dr. Vyas Sekar and Dr. Yuvraj Agarwal have analyzed third party service dependencies in modern web services, with a special focus on DNS, CDN, and SSL certificate revocation checking by CA. Their research was meant to determine if incidents like the 2016 Dyn DDoS attack, the 2016 GlobalSign certificate revocation error and the 2019 Amazon Route 53 DDoS attack would lead to similar results in 2020. "6% of the top-100K websites that were critically dependent in 2016, have moved to a private DNS in 2020. On the other hand, 10.7% of the websites which used a private DNS in 2016, have moved to a single third party DNS provider. Between these snapshots, redundancy has remained roughly similar. Overall, critical dependency has increased by 4.7% in 2020. More popular websites have decreased their critical dependency," they noted.

Bomb Threat, DDoS Purveyor Gets Eight Years
2020-12-01 14:01

A 22-year-old North Carolina man has been sentenced to nearly eight years in prison for conducting bomb threats against thousands of schools in the U.S. and United Kingdom, running a service that launched distributed denial-of-service attacks, and for possessing sexually explicit images of minors. Timothy Dalton Vaughn from Winston-Salem, N.C. was a key member of the Apophis Squad, a gang of young ne'er-do-wells who made bomb threats to more than 2,400 schools and launched DDoS attacks against countless Web sites - including KrebsOnSecurity on multiple occasions.