Security News
Now it appears DDoS-Guard is about to be relieved of more than two-thirds of the Internet address space the company leases to clients - including the Internet addresses currently occupied by Parler. Much like Internet infrastructure firm CloudFlare, DDoS-Guard typically doesn't host sites directly but instead acts as a go-between to simultaneously keep the real Internet addresses of its clients confidential and to protect them from crippling Distributed Denial-of-Service attacks.
Windows Remote Desktop Protocol servers are now being abused by DDoS-for-hire services to amplify Distributed Denial of Service attacks. The Microsoft RDP service is a built-in Windows service running on TCP/3389 and/or UDP/3389 that enables authenticated remote virtual desktop infrastructure access to Windows servers and workstations.
Citrix on Monday informed customers that it released firmware updates for its Application Delivery Controller and Gateway products to prevent threat actors from abusing the appliances to launch and amplify distributed denial-of-service attacks. Several people reported a few days before Christmas that they had started seeing DDoS attacks abusing their Citrix ADC and Gateway devices.
Citrix has released a feature enhancement designed to block attackers from using the Datagram Transport Layer Security feature of Citrix ADC and Gateway devices as an amplification vector in DDoS attacks. According to reports that have surfaced starting December 21st, 2020, a DDoS attack used DTLS to amplify traffic from susceptible Citrix ADC devices dozens of times.
Citrix has issued an emergency advisory warning its customers of a security issue affecting its NetScaler application delivery controller devices that attackers are abusing to launch amplified distributed denial-of-service attacks against several targets. The desktop virtualization and networking service provider said it's monitoring the incident and is continuing to investigate its impact on Citrix ADC, adding "The attack is limited to a small number of customers around the world."
Citrix has confirmed today that an ongoing 'DDoS attack pattern' using DTLS as an amplification vector is affecting Citrix Application Delivery Controller networking appliances with EDT enabled. Reports of the attack started trickling in on December 21st, with customers reporting an ongoing DDoS amplification attack over UDP/443 against Citrix Gateway devices.
That machine-to-machine communication, right? As you speed that up, and you speed up that attacker machine-to-machine communication, you really can start to up-level the ability to conduct these denial of service attacks. While they may not have been necessarily as in fashion, we're seeing that the ransomware trends, and some of those more, you will probably see a resurgence of DDoS attacks is there, but you crank into, and leverage the increased speed, and the increased dependency on IoT devices in a way that we maybe haven't seen them as monetized in the past, connectivity, ransom against connectivity, rather than ransomware files.
One of the operators behind a Mirai botnet pleaded guilty to their involvement in a huge DDoS attack that caused a massive Internet disruption during October 2016. The botnet, a variant of the Mirai botnet, was developed by the defendant with the help of others between roughly 2015 and November 2016, specifically to target gaming platforms in DDoS attacks.
With the COVID-19 pandemic leading us all to depend on online services like we never have before, a DDoS attack that takes operations offline can have very serious and long-term consequences for a business. Add to this the huge surge in DDoS attacks this year, with assaults getting bigger, more powerful and disruptive, and it's clear security leaders need to urgently get to grips with how to deal with them.