DDoS attacks now use new record-breaking amplification vector

silversurfer

A new reflection/amplification DDoS method is being used in attacks that provides a record-breaking amplification ratio of almost 4.3 billion to 1.

Distributed Denial of Service (DDoS) attacks target servers or networks with many requests and high volumes of data, aiming to deplete their available resources and cause a service outage.

The amplification ratio is critical when conducting attacks, as the higher the number, the easier it is for threat actors to overwhelm well-protected endpoints with less firepower.

As detailed in a report that Akamai shared with Bleeping Computer before publication, a new attack vector relies on the abuse of insecure devices that serve as DDoS reflectors/amplifiers.


Original report by researchers from Akamai: CVE-2022-26143: TP240PhoneHome Reflection/Amplification DDoS Attack Vector
 

bokvel

It is surprising to see how effective old methods of attack, e.g. DDoS and phishing, are today. As per your post, DDoS is still very actively used and very effective. One would think that there should be an easy way to prevent this, but it seems there is not. The same cloud infrastructure that is used to try and prevent such attacks is also the environment to promote such attacks. And that is not even talking about internal DDoS from infected machines in a company.

So the question then is: How do we protect ourselves against DDoS? My opinion (based on trying to answer this question over years) would be to concentrate on 2 major areas: detection and response.

1st, find a way to be able to look for early warning signs, e.g. poor performance, bad connectivity, sudden high demand to a specific page, etc. Build a monitoring solution to provide you this information. It does not have to be expensive or across your entire estate, just the important, most used locations.

2nd, create a plan to react to anything that you detect. Have clear instructions as to what to action and in which order, who is involved, how to communicate to management and users, everyone's responsibility - but also know at this point exactly what has been impacted.

Obviously one could move onto a technical and network level and say you should try and build a way to keep the DDoS on the impacted systems and get your systems up somewhere else and get production from those locations. But for a start I would recommend focusing on points 1 and 2.
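An added example, not part of the original posts: one way to watch for the "sudden high demand to a specific page" warning sign mentioned in the reply above, by comparing each page's requests per minute with its recent average. The Common Log Format input, the thresholds, the function names and the sample lines are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Assumed input: Common Log Format lines (client, timestamp, request, status, size).
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[A-Z]+ (\S+) [^"]*" \d{3} \S+')

def parse(line):
    """Return (minute, client_ip, path), or None if the line does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
    return ts.replace(second=0), m.group(1), m.group(3).split("?")[0]

def find_spikes(lines, baseline_minutes=5, factor=5.0, min_hits=50):
    """Return (minute, path, hits, baseline_mean, distinct_clients) per spike."""
    seen = defaultdict(lambda: defaultdict(list))  # path -> minute -> client IPs
    for minute, ip, path in filter(None, map(parse, lines)):
        seen[path][minute].append(ip)
    start = min((m for per_min in seen.values() for m in per_min), default=None)
    alerts = []
    for path, per_min in seen.items():
        for minute in sorted(per_min):
            if minute - start < timedelta(minutes=baseline_minutes):
                continue  # not enough history yet to judge this minute
            prev = [len(per_min.get(minute - timedelta(minutes=i), ()))
                    for i in range(1, baseline_minutes + 1)]
            baseline = sum(prev) / baseline_minutes
            ips = per_min[minute]
            if len(ips) >= min_hits and len(ips) > factor * max(baseline, 1.0):
                alerts.append((minute, path, len(ips), baseline, len(set(ips))))
    return sorted(alerts)

def sample_log():
    """Constructed traffic: six quiet minutes, then a burst on /login."""
    t0 = datetime(2022, 3, 13, 10, 0, tzinfo=timezone.utc)
    out = []
    for minute in range(7):
        for path, n in (("/index.html", 6), ("/login", 120 if minute == 6 else 4)):
            for i in range(n):
                ts = t0 + timedelta(minutes=minute, seconds=i % 60)
                out.append('198.51.100.%d - - [%s] "GET %s HTTP/1.1" 200 512'
                           % (i + 1, ts.strftime("%d/%b/%Y:%H:%M:%S %z"), path))
    return out

if __name__ == "__main__":
    print(find_spikes(sample_log()))
```

Because the baseline is a rolling mean, a sustained flood raises its own baseline after a few minutes, so the first flagged minute is the one to act on.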
 
