UK in Focus
Summary Based on a case study in our most recent blog, the observed global DDoS attack count (frequency), bandwidth (BPS), and throughput (PPS) all saw significant increases since the start of the...
Last Week in DDoS...
By all indications, the events of last week have brought the importance of DDoS defense into focus for many individuals and organizations. DDoS attacks aren’t something to be taken lightly...
Lucifer’s Spawn
ASERT researchers have uncovered new information about Lucifer, a cryptojacking and distributed denial of service (DDoS) bot originally found to exploit and run on Windows-based systems.
High-Profile DDoS Extortion Attacks — September 2020
Starting in mid-August 2020, a relatively prolific threat actor initiated a global campaign of DDoS extortion attacks largely directed towards regional financial and travel-industry targets such as...
Dropping the Anchor
Trickbot has long been one of the key banking malware families in the wild. Despite recent disruption events, the operators continue to drive forward with the malware and have recently begun porting...
Lazarus Bear Armada DDoS Extortion Campaign — December 2020
DDoS Extortion Update: As previously reported, a relatively prolific threat actor initiated a global campaign of DDoS extortion attacks in mid-August 2020, largely directed towards regional financial...
Microsoft Remote Desktop Protocol (RDP) Reflection/Amplification DDoS Attack...
Recently observed DDoS attacks leverage abusable Microsoft RDP service to launch UDP Reflection/Amplification attacks with an 85.9:1 amplification factor.
Crossing the 10 Million Mark: DDoS Attacks in 2020
For the first time, we observed DDoS attacks rise above 10 million annually in 2020, nearly 1.6 million more attacks than seen in 2019.
Plex Media SSDP (PMSSDP) Reflection/Amplification DDoS Attack Mitigation...
Amplified PMSSDP DDoS attack traffic consists of SSDP HTTP/U responses sourced from UDP port 32414 and/or UDP port 32410 on abusable Plex Media Server instances and directed towards attack...
Datagram Transport Layer Security (D/TLS) Reflection/Amplification DDoS...
Datagram Transport Layer Security (D/TLS) is a variant of the TLS encryption protocol implemented atop User Datagram Protocol (UDP). It is utilized to secure datagram-based applications to prevent...
TsuNAME Zone Cyclic Dependency-Induced Recursive DNS Query Cascade
In mid-May 2021, security researchers at SIDN Labs, InternetNZ, and USC/ISI released a research paper describing a sabotage-based DDoS attack methodology dubbed ‘TsuNAME’ that targeted authoritative...
The Beat Goes On
The beat goes on: Threat actors launched approximately 2.9 million DDoS attacks in the first quarter of 2021, a 31% increase from the same time in 2020.
Session Traversal Utilities for NAT (STUN) Reflection/Amplification
Adversaries weaponize STUN servers by incorporating the protocol into DDoS-for-Hire services. Approximately 75k abusable STUN servers give DDoS attackers ample opportunity to launch single-vector STUN...
Fancy Lazarus DDoS Extortion Campaign
ASERT Threat Summary Date/Time: 17June2021 1300UTC Severity: Warning Distribution: TLP: WHITE Categories: Availability Contributors: Jon Belanger, Richard Hummel. Executive Summary In May 2021,...
DHCPDiscover Reflection/Amplification DDoS Attack Mitigation Recommendations
DHCPDiscover, a UDP-based JSON protocol used to manage DVRs, can be abused to launch UDP reflection/amplification attacks when an internet-exposed DVR lacks any form of authentication.
Our New DDoS Normal Isn’t All That Normal
Attack frequency has dropped, but we are nowhere near the numbers considered normal prior to COVID-19: Threat actors launched approximately 5.4 million DDoS attacks in the first half of 2021.
HTTP Reflection/Amplification via Abusable Internet Censorship Systems
Learn more about this distributed denial-of-service (DDoS) attack vector which abuses middlebox systems for HTTP reflection/amplification.
The Long Tail of Adversary Innovation
Latest Threat Intelligence Report from NETSCOUT details extensive global impact of cyberattacks on private and public sector organizations.
High-Profile DDoS Extortion Attacks Against SIP/RTP VoIP Providers
Beginning in September 2021, aggressive threat actors have targeted multiple Voice-over-IP (VoIP) communication providers with a campaign of high-impact DDoS extortion attack
A Tale of Two Botnets
NETSCOUT's ASERT Team tracks Mēris and Dvinis DDoS Botnets. The blog covers the number of botted nodes observed, how they are propagating, and where they are distributed geographically. We also...
Mēris & Dvinis Botnets
Threat adversaries leverage exploitable Mikrotik routers with two different botnets, Mēris and Dvinis, to launch high request-per-second attacks against targets.
What Happened in the Second Half of 2021?
Executive Summary The second half of 2021 finally saw much of the world returning to normal, at least until the recent Omicron variant sent us packing back home. The premature return to normal...
The Anatomy of the DDoS Attack Campaign Targeting Organizations in Ukraine
Overview Beginning on 13 February 2022, multiple governmental, military, and financial organizations within Ukraine reported that their public-facing Web sites, applications, and ancillary supporting...
TP240PhoneHome Reflection/Amplification DDoS Attack Vector
A new reflection/amplification distributed denial-of-service (DDoS) vector with a record-breaking potential amplification ratio of 4,294,967,296:1 has been abused by attackers in the wild to launch...
DDoS Threat Landscape - Ukraine
The ongoing DDoS attack campaign against Ukraine increased significantly. We anticipate that DDoS activity targeting Ukraine will continue over the duration of the conflict, and will continue to...
DDoS Threat Landscape - Russia
Since mid-February of 2022, the NETSCOUT Arbor Security Engineering and Response Team (ASERT) has been monitoring the situation in Russia and Ukraine. We recently published an update to our initial...
Remembering SQL Slammer
Twenty years ago SQL Slammer Worm devastated the then known internet, resulting in widespread outages and disruptions. What happened? Why was it successful? Can it happen again? Follow along as...
Global DDoS-for-hire Takedown
On December 15, 2022, The U.S. Federal Bureau of Investigation (FBI), in cooperation with several international law enforcement partners, seized 49 domain names and arrested six individuals for their...
DDoS Attacks Targeting NATO Members Increasing
As the effects of COVID-19 and inflated numbers of DDoS attacks have settled into some semblance of normalcy, it has been all out DDoS war for Finland, Hungary, and Turkey.
Service Location Protocol (SLP) Reflection/Amplification Attack Mitigation...
With the computing power and internet transit capacity available to a substantial proportion of abusable SLP reflectors/amplifiers, attackers can potentially launch extremely high-volume, high-impact...
100% Increase in DDoS Attacks Against India
Summary NETSCOUT and ASERT have observed massive increases in DDoS attacks against Indian targets. This near doubling of DDoS attacks since the beginning of 2023 has been fueled by a rallying call...
Bulletproof Hosting (BPH) Taxonomy
The phrase Bulletproof hosting suggests technical sophistication, infrastructure resiliency, and a platform with elaborate redundancy. However, for the internet security community its connotation is...
HTTP/2 'Rapid Reset' Application-Layer DDoS Attacks Targeting Shared Cloud...
In a joint disclosure by several well-known cloud computing, SaaS, and CDN operators, a new HTTP/2 application-layer DDoS attack vector (CVE-2023-44487) has been described which has been used in the...
The Power of Names
Typically, application-layer protocols such as HTTP/s, QUIC, SIP, and others receive the lion’s share of attention in most discussions of internet traffic. But it’s the Domain Name System (DNS), the...
Anonymous Sudan
Anonymous Sudan is a highly prolific threat actor conducting distributed denial-of-service attacks (DDoS) to support their pro-Russian, anti-Western agenda. Although the attacks attributed to this...
Unprecedented Growth in Malicious Botnets Observed
NETSCOUT observed an unprecedented rise in compromised devices performing reconnaissance scans, signaling a dangerous new wave of large-scale cyberattacks leveraging weaponized cloud infrastructure.
NoName057(16)
NoName057(16) relies heavily on HTTPS application-layer DDoS attacks, with many attacks repeatedly sourced from the same attack harness, networks, and targeting similar countries and industries.
DDoS Attacks Against Poland Skyrocket In Wake of New Prime Minister’s Election
Since late December, Poland has been the target of several groups as new Prime Minister Tusk was sworn in. The most notable group targeting Poland is NoName057. They have targeted several types of...
Carpet-Bombing
Carpet-bombing (Spread Spectrum, Subnet DDoS) attacks take place when an adversary targets a range of addresses or subnets simultaneously to saturate networks with garbage traffic while also avoiding...
Nuisance Network Traffic
While there are many obvious threats like hacktivists, nation-state adversaries and ransomware operators, there also lies a constant ever-growing undercurrent that we call nuisance traffic. The...
The Unbearable Asymmetry of DDoS
Because adversaries leverage compromised and abusable online resources belonging to legitimate organizations and individuals to launch DDoS attacks, the tangible cost to attackers is nil, while the...
Sweden Continues to be a Prime DDoS Target as They Join NATO
In 2023, a barrage of cyber assaults against Sweden signaled a massive shift in global dynamics. As Sweden worked towards joining NATO and supporting Ukraine with arms and humanitarian aid, we saw a...
Moldova Faces a Wave of DDoS Attacks
Beginning around March 6, 2024, self-proclaimed DDoS hacktivist NoName057(16) turned their attention to the country of Moldova. Since early March, more than 50 websites have been targeted, according...
South Korea Enduring a Wave of Geopolitical DDoS Attacks
ASERT’s monitoring of DDoS attacks stemming from hacktivism and geopolitical tensions discovered that South Korea was subject to widespread attacks. This digital assault is targeting various...
Hacktivists Target Romania in Latest Surge in Geopolitical DDoS Attacks
Geopolitical DDoS attacks continue to become increasingly prevalent. ASERT research has discovered that Romania is the latest...
DDoS Attacks in Spain
Update July 24, 2024: The DDoS hacktivists continue to add members to a coalition they now call the "holy league" as part of their self-proclaimed "holy war" against Spain. The recent posts boasts 70...
Venezuela’s Election as seen in Cyberspace
Shortly after the declaration of victory in the Venezuelan presidential election, news outlets reported widespread protests across the country. Most of the news reported focuses on the turbulent...
NETSCOUT’s Richard Hummel Speaks About South Korean and Romanian DDoS Trends
NETSCOUT’s Director of Threat Intelligence, Richard Hummel, was featured on Patrick Donegan’s HardenStance to discuss the latest patterns in DDoS threat activity. In this interview, Hummel covered...
Internet Archive Under Assault
Internet Archive under DDoS Attack: On October 09, NETSCOUT’s ASERT observed a significant deviation of network traffic to archive.org. This both corroborates the public disclosure from independent...
DDoS Attacks Against Japan
Japan became the focal point for pro-Russia hacktivists in the wake of their election and collaboration with US military activities.