There was bad news for the white hats in the second quarter as new stats pointed to an 83% increase in DDoS reflection attacks to reach almost 183,000 over the previous three months.
DDoS mitigation firm Nexusguard collected data for its DDoS Threat Report from its collaborative ‘hybrid darknet’ of honeypots and vulnerable internet-connected devices.
NTP continued to lead the pack in terms of reflection attack vectors, accounting for over 85,000 DDoS blasts. DNS wasn’t far behind with just over 80,000 and together these two comprised the vast majority of attacks in the quarter.
Nexusguard added:
“We saw no SNMP or IKE attacks in the quarter, as well as a decrease in SSDP attacks. However, the variety of methods continues to grow, with a 234% increase in RIP attacks and 1150% in MDNS.”
The largest single attack was aimed at a Russian telco on the Starlink network, with over 51,000 IP addresses targeted in an “all-out, relentless two-day assault,” according to the vendor.
The attack also managed to take out an energy company, a bank, a medical device manufacturer, a clinic, and the internal communications services of the Starlink network, Nexusguard explained.
The firm speculated that major ‘nation-level’ attacks are increasingly being carried out not by state-sponsored operatives but patriotic hacktivist groups.
For example, it’s possible that the Starlink DDoS was orchestrated by Ukrainian hacktivists, as it occurred on the same day they were telling the media about hacking Russian video feeds and identifying Russian soldiers in eastern Ukraine.
It’s been a busy month as always for DDoS-ers, with hacking group ‘PoodleCorp’ claiming responsibility for taking out US and European Pokemon Go servers.
The US legislature also came under attack when sites for Congress, the United States Copyright Office, and Library of Congress were taken out by black hats.
That campaign lasted several days but all sites are now back up and running as normal.