DDoS Attacks Growth Could Lead to Flood of New Attacks in 2017

December 29, 2016 Marketing GrafWebCUSO

The increased frequency of DDoS attacks in 2016 does not bode well for 2017 across all industries, including credit unions and financial services, according to Sterling, Va.-based information provider Neustar, Inc.

In its in-depth research report DDoS & Cyber Security Insights, Neustar provides statistical analysis of the distributed denial-of-service attack and mitigation data collected through Neustar SiteProtect. The report examines the growth of DDoS attacks during 2016, providing specific insight into multiple attack vectors, such as domain name system security extensions (DNSSEC) amplification and internet-of-things (IoT) botnets.

“The DDoS attack landscape has become increasingly complex in 2016 because there is no singular goal behind these attacks; some seek to disrupt services, while others serve as smokescreens to breach data,” Rodney Joffe, SVP and fellow, Neustar said. “Organizations must remain vigilant against conventional attacks, even as new threats are realized today and in 2017.”

A DDoS attack occurs when many compromised systems attack a single target. The result is denial of service for users of the targeted system.

Many community financial institutions, such as credit unions, are vulnerable because they do not believe they present viable targets. Yet credit unions and community banks present easy test beds for attackers working to sharpen their skills and may have fewer layers of protection against DDoS and ransomware.

DDoS & Cyber Security Insights analyzes attack and mitigation data collected through Neustar SiteProtect, a global DDoS mitigation network, from January 1, 2016 through November 30, 2016.

Key findings include:

  • Increasing frequency of DDoS Attacks. The frequency of DDoS attack mitigations by Neustar increased 40% compared to the same period of time in 2015.
  • Eruption of multi-vector attacks. Multi-vector attacks, which combine attack vectors to confuse defenders and supplement attack volume, increased 322% and accounted for 52% of the attacks mitigated. User datagram protocol, transmission control protocol and Internet Control Message Protocol comprise the three most popular attack vectors, leveraged in more than 50% of attacks.
  • Vulnerability of Domain Name System and DNSSEC. DNS-based attacks increased 648% with many attackers leveraging DNSSEC amplification to generate massive volumetric pressure. Previous Neustar research determined that the average DNSSEC amplification factor for a DNSSEC signed zone was nearly 29 times greater than the initial query.
  • IoT Botnets Emerge as DDoS Attack Tools. The threat of IoT botnets was realized in 2016 through Mirai and similar types of malware, which compromise IoT device credentials. The malware then enrolls the devices into botnets, activated by command and control servers. Since these code assemblies were published, new developments have continued to emerge, such as persistent device enrollment, which enables botnet operators to maintain device control even after a reboot.

“Mirai signals a watershed moment for DDoS attacks, where the bad guys finally turned the Internet back on its users,” Joffe said. “It is imperative to invest in effective DDoS protection now because the threat landscape has fundamentally changed.”

Another problem is the recurring threat. For example, the source code that powered the IoT botnet responsible for launching the historically large DDoS attack against KrebsOnSecurity in September has been publicly released. This could potentially flood the web with attacks from many new botnets powered by unsecured routers, IP cameras, digital video recorders and other easily hackable devices.