Content, Content

Report: DNS Amplification DDoS Attacks Spiked 357 Percent in Q4 2017


Distributed denial of service (DDoS) cyber attacks using domain name server (DNS) amplification tactics spiked an astronomical 357 percent year-over-year in Q4 2017, concluded Nexusguard, an internet security specialist, in a new quarterly report.

In a DNS amplification exploit, the hacker spoofs look-up requests to DNS servers to mask the source of the attack and direct the response to the target. Nexusguards’s Q4 2017 Threat Report, which the company said chronicles thousands of DDoS attacks worldwide, blamed the stratospheric climb on servers enabled with Domain Name System Security Extensions (DNSSEC).

While Q4 2017 DDoS attacks fell 12 percent from the same period last year, Nexusguard warned that a new class of powerful botnets may appear from wider DNSSEC adoption. DNSSEC-enabled servers are intended to pump up DNS protocol security but attackers aim at them due to the high number of responses they can generate, Nexusguard said.

Still, in more than half of all botnet attacks in 2017, hackers favored multi-vector attacks. China, at nearly 22 percent, and the U.S., at about 14 percent, were the top two sources of DDoS attacks in Q4, Nexusguard said.

“Enterprises have worked hard to patch against snooping, hijacking and other DNS abuses; however, improperly configured DNSSEC-enabled nameservers may be a new plague for unprepared teams,” said Juniman Kasman, Nexusguard CTO.

Nexusguard’s data mapped to earlier Kaspersky research that DDoS attacks fell in the latter part of last year. Kaspersky found that DDoS attacks in Q4 2017 were registered against targets in 84 countries, down from 98 countries in the preceding quarter. China (52 percent) was the most-targeted country for DDoS attacks, followed by the United States (16 percent) and South Korea (10 percent).

Similarly, Kaspersky discovered that the cost to businesses of a DDoS attack are increasing globally. In a survey of 5,200 companies, the cost of a DDoS attack for enterprises was $2 million and the cost of a DDoS attack for small and medium-sized businesses was $120,000.

The volume slide in DDoS attacks follows a mid-year rise last year based on data provided by Akamai, a content delivery network services provider. It figured that DDoS attacks had increased by 28 percent year-over-year in Q2 2017. Akamai said the average company was targeted 32 times by DDoS attackers in the second quarter of 2017.

In perhaps the most infamous of DDoS attacks, the Mirai botnet was used in October, 2016 to first launch a huge attack against the KrebsOnSecurity website, followed by an assault on DNS provider Dyn that disrupted a number of the world’s largest websites, including PayPal, Spotify and Twitter.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.