DDoS attacks are used to prevent normal users from accessing an online location. In this case, a cybercriminal can prevent legitimate users from accessing a website by targeting its network resources and flooding the website with a huge number of information requests.
The Year of DDoS Attacks
According to the information released by Cloudflare, 2021 was the year when the majority of these assaults occurred, with a 29 percent year-over-year rise and a 175 percent quarter-over-quarter increase.
Extortion or ransom DDoS (RDDoS) assaults emerged as a new threat in August 2020 and have grown in size and complexity since then.
As reported by BleepingComputer, the attacks began at roughly 200Gbps and increased to more than 500Gbps by mid-September.
Application-layer DDoS assaults, particularly HTTP DDoS attacks, appear to have targeted industrial enterprises, with a 641 percent increase compared to the third quarter of 2021.
According to the IP addresses, the majority of these DDoS assaults originate in China, the United States, Brazil, and India, and are perpetrated by botnets such as Meris, which made headlines this year with a record-breaking attack of 21.8 million requests against Russian internet giant Yandex.
Unlike an application-layer DDoS assault, which prevents consumers from accessing a service, a network-layer DDoS attack targets a company’s complete network infrastructure, attempting to bring down routers and servers.
Cloudflare noted that SYN floods remain a popular attack method. SNMP-based attacks saw a dramatic spike of almost 6,000% from one quarter to the next, while UDP-based DDoS attacks were the second most represented vector.
When we look at emerging attack vectors — which helps us understand what new vectors attackers are deploying to launch attacks — we observe a massive spike in SNMP, MSSQL, and generic UDP-based DDoS attacks.
Both SNMP and MSSQL attacks are used to reflect and amplify traffic on the target by spoofing the target’s IP address as the source IP in the packets used to trigger the attack.
Simple Network Management Protocol (SNMP) is a UDP-based protocol that is often used to discover and manage network devices such as printers, switches, routers, and firewalls of a home or enterprise network on UDP well-known port 161. In an SNMP reflection attack, the attacker sends out a large number of SNMP queries, spoofing the source IP address in each packet as the target's, to devices on the network that, in turn, reply to the target's address. The numerous responses from those devices result in the target network being DDoSed.
Similar to the SNMP amplification attack, the Microsoft SQL (MSSQL) attack is based on a technique that abuses the Microsoft SQL Server Resolution Protocol for the purpose of launching a reflection-based DDoS attack. The attack abuses the way a Microsoft SQL Server instance responds to client requests sent to its SQL Server Resolution Protocol (MC-SQLR) listener on UDP port 1434: the response is sent to whatever source address the request carried, so a spoofed request is answered toward the victim.
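The defining trait of both reflection attacks described above is that the victim receives SNMP or MS-SQLR replies it never asked for, because the queries were sent by someone else with the victim's address as the spoofed source. The following script, an added example that is not part of the original article or of any Cloudflare or Heimdal tooling, shows how a defender can surface that signal from NetFlow-style records at the network edge: it pairs every inbound UDP reply from port 161 or 1434 with a preceding outbound query from the same host to the same responder, and counts the replies that have no such query. The flow records, addresses, and thresholds are constructed for illustration.

```python
"""Flag reflected SNMP / MS-SQLR (UDP 161 / 1434) replies that arrive at a
network edge without a matching outbound query.

Added example, not part of the original article. The flow records below are
constructed for illustration (addresses and sizes are assumptions), in a
NetFlow-like CSV shape: ts,src_ip,src_port,dst_ip,dst_port,proto,bytes,pkts.
"""
from collections import defaultdict

# Well-known UDP ports of the two reflection services the article names.
REFLECTOR_PORTS = {161: "SNMP", 1434: "MS-SQLR"}
# Constructed thresholds (assumptions): a reply is "unsolicited" if no query
# left toward that responder within LOOKBACK seconds; a host is flagged once
# it receives unsolicited replies from at least MIN_REFLECTORS distinct hosts.
LOOKBACK = 30
MIN_REFLECTORS = 3

# Constructed sample flows. 192.0.2.10 is the monitored host (RFC 5737 range).
# The first pair is legitimate: 192.0.2.10 polls a switch and gets a reply.
# The remaining flows are replies from hosts 192.0.2.10 never queried, i.e.
# reflected traffic triggered by a spoofed source address.
SAMPLE_FLOWS = """\
ts,src_ip,src_port,dst_ip,dst_port,proto,bytes,pkts
100,192.0.2.10,50123,198.51.100.5,161,udp,90,1
101,198.51.100.5,161,192.0.2.10,50123,udp,420,1
105,203.0.113.7,161,192.0.2.10,33001,udp,1480,1
105,203.0.113.8,161,192.0.2.10,33001,udp,1480,1
106,203.0.113.9,1434,192.0.2.10,33001,udp,600,2
106,203.0.113.10,1434,192.0.2.10,33001,udp,600,2
107,203.0.113.11,161,192.0.2.10,33001,udp,1480,1
"""


def parse_flows(text):
    """Parse the CSV text into a list of dicts with numeric fields converted."""
    lines = text.strip().splitlines()
    header = lines[0].split(",")
    flows = []
    for line in lines[1:]:
        rec = dict(zip(header, line.split(",")))
        for key in ("ts", "src_port", "dst_port", "bytes", "pkts"):
            rec[key] = int(rec[key])
        flows.append(rec)
    return flows


def find_unsolicited_reflections(flows, lookback=LOOKBACK):
    """Return reply flows from a reflector port that no outbound query explains.

    A genuine SNMP/MS-SQLR reply is preceded by a query from the same host to
    the same responder within `lookback` seconds. A reply with no such query
    is the signature of a reflection attack: the query was sent by someone
    else using this host's address as the spoofed source.
    """
    # Index outbound queries by (our_host, responder_ip, responder_port) -> [ts]
    queries = defaultdict(list)
    for f in flows:
        if f["proto"] == "udp" and f["dst_port"] in REFLECTOR_PORTS:
            queries[(f["src_ip"], f["dst_ip"], f["dst_port"])].append(f["ts"])

    unsolicited = []
    for f in flows:
        if f["proto"] != "udp" or f["src_port"] not in REFLECTOR_PORTS:
            continue
        key = (f["dst_ip"], f["src_ip"], f["src_port"])
        recent = [t for t in queries.get(key, []) if 0 <= f["ts"] - t <= lookback]
        if not recent:
            unsolicited.append(f)
    return unsolicited


def summarize_targets(unsolicited, min_reflectors=MIN_REFLECTORS):
    """Aggregate unsolicited replies per receiving host and flag probable victims."""
    per_target = defaultdict(lambda: {"reflectors": set(), "bytes": 0, "services": set()})
    for f in unsolicited:
        entry = per_target[f["dst_ip"]]
        entry["reflectors"].add(f["src_ip"])
        entry["bytes"] += f["bytes"]
        entry["services"].add(REFLECTOR_PORTS[f["src_port"]])
    report = {}
    for target, e in per_target.items():
        report[target] = {
            "reflector_count": len(e["reflectors"]),
            "bytes": e["bytes"],
            "services": sorted(e["services"]),
            "flagged": len(e["reflectors"]) >= min_reflectors,
        }
    return report


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    report = summarize_targets(find_unsolicited_reflections(flows))
    for target, info in report.items():
        print(target, info)
```

On the constructed sample the legitimate switch poll is paired with its reply and ignored, while the five replies from hosts that were never queried are attributed to 192.0.2.10 and the host is flagged. In production the same pairing can be run on a sliding window over exported flows; the reflector count is a more robust trigger than raw byte volume, since a single misbehaving device can also send unsolicited replies without being part of an attack.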
How Can Heimdal Help?
Threat prevention is essential to your company’s cybersecurity, as it is an effective way to add multiple layers of proactive protection. As cyber attackers become more cunning, so should the solutions we use to stop them. This is where Heimdal comes in.
Heimdal is always updated and keeps pace with the latest cybersecurity trends, a quality that its products illustrate too. Our award-winning Threat Prevention Endpoint solution uses machine learning, cybercrime intelligence, and artificial intelligence capabilities to help you prevent future threats with 96% accuracy on your endpoints, and its efficient threat hunting makes malicious URLs, processes, and attackers' origins no longer anonymous.