Cloudflare Research Shows Alarming Surge in Critical Sector DDoS Attacks

Highlights:

• The second quarter saw a sharp rise in attacks on crypto firms, part of the general HTTP DDoS increase.
• Attackers flood DNS servers with malicious queries, blocking legitimate users from accessing targeted websites.

New research released by content delivery network company Cloudflare Inc. highlights the alarming increase in distributed denial-of-service (DDoS) attacks targeting critical sectors in the second quarter.

According to the report, hacking groups with ties to Russia, including REvil, Killnet, and Anonymous Sudan, have targeted attacks against Western websites. The SWIFT network, which handles international financial transactions, was a common target in the second quarter. Last year, many Russian banks were barred from the SWIFT network.

Cloudflare’s research also highlighted an increase in domain name system-based DDoS attacks and the exploitation of the Mitel vulnerability, CVE-2022-26143. In the second quarter, attacks on cryptocurrency companies sharply increased due to a general rise in HTTP DDoS attacks.

Threat actors used DNS servers’ vulnerabilities to launch DDoS attacks that targeted converting human-friendly website addresses to machine-friendly IP addresses. Attackers use a technique that involves flooding DNS servers with malicious queries, effectively blocking legitimate users from accessing the targeted websites. The report points out that the tactic presents difficulties for companies that control their own authoritative DNS servers and that they must implement strong defense techniques to lessen attacks.

Additionally notable in the second quarter was the exploitation of the Mitel vulnerability, which malicious actors exploited to launch DDoS attacks using the user datagram protocol (UDP) amplification. The vulnerability, according to the report, allows for traffic reflection and amplification, enabling large-scale attacks, and increasing the potential impact of these attacks.

The report also discusses how DDoS attacks increasingly focus on cryptocurrency businesses. The sector saw a significant increase in the second quarter as attackers tried to take down digital asset exchanges and related services.

The report also described the development of virtual machine-based botnets as a critical change in the DDoS threat landscape. The VM-based botnets are said to have unheard-of power and scalability, creating formidable obstacles for defense and mitigation. These botnets use computational and bandwidth resources to produce hyper-volumetric attacks efficiently.

The report concludes, “In recent months, there’s been an alarming escalation in the sophistication of DDoS attacks, and even the largest and most sophisticated attacks that we’ve seen may only last a few minutes or even seconds — which doesn’t give a human sufficient time to respond. Before the PagerDuty alert is even sent, the attack may be over, and the damage is done.”