
Radware issues security alert, warning of global rise of DDoS-for-hire

Radware has today issued a global cybersecurity alert, warning of the extensive and far-reaching growth of the DDoS-for-hire industry.

Corporations, law enforcement and independent researchers around the world have tried over the last two years to curb this growth, but the industry keeps growing, says Radware, utilising new attack vectors and producing large-scale, record-breaking DDoS attacks.

The alert comes as New Zealand’s primary exchange operator NZX has seen trading halt for the fourth time in as many days due to coordinated and sophisticated offshore DDoS attacks.

This was but one of many similar attacks targeting significant and vulnerable organisations in the past few years.

“In March 2019, a record-breaking 1.3Tbps attack abusing exposed Memcached servers by exposing a protocol that was never intended to be exposed to the public, was launched against GitHub,” says Radware Emergency Response Team information security researcher Daniel Smith.

“Just seven days later and the attack vectors were seen quickly being added to booters and stressers.

“Even more recently, a malicious actor was able to abuse the TCP protocol to cause a TCP Reflection attack. In August 2019, Radware researchers discovered this trend during a campaign targeting the financial services industry.”

Due to the complexity of the booter and stresser industry, it’s harder to enforce control over criminal activity within the industry and arrest perpetrators.

If one threat is removed, dozens of other criminals will seize the opportunity to fill the void, according to Radware.

One example of this can be seen in a Dutch police operation in October 2019.

In the incident, police seized servers, known to be malicious, from bulletproof hosting provider K.V. Solutions. These servers hosted several command and control servers for IoT botnets. In April 2020, Dutch police, working with hosting services, registrars, international police forces, Europol, Interpol and the FBI, took down another 15 unnamed booters.

While it would be easy to assume this kind of operation would put a dent in the booter and stresser industry, Radware concludes that the actions were ineffective, as criminals were quick to replace those that had been removed.

“Takedowns are not the long-term solution,” says Smith. 

“Denial-of-service should be mitigated in different ways. To curb the growing booter and stresser industry means addressing the core problem: the devices and servers used to create large-scale botnets and world record volumes. 

“Address the growth of the IoT market and the lack of regulation and security standards for devices that get connected to the internet.”

Smith adds that issues surrounding open resolvers and reflectors on the internet must also be addressed. 

“While disclosures of new attack vectors are hard to keep pace with, we need to put steady pressure on those who are not patching in a reasonable amount of time and develop ways to cope with open resolvers such as DNS and NTP.”

Smith concludes that security leaders must act to close the loopholes currently being exploited.

“If devices can be infected within seconds and open services and resolvers remain, the problem will continue,” he says.

“Removing that vast attack surface from the bot herders plus proper mitigation which increases the resistance against successful DDoS attacks is the only way to demotivate criminals.

“The ultimate solution is to make launching these assaults too difficult and too expensive. Doing so will put an end to smaller cybercriminals and wannabe hackers.”
