Top DDoS attack trends to watch out for in 2020


From growing to merging, here are some trends that businesses, security professionals, and application developers need to be aware of.

For some time, DDoS attacks were observed to be on a decline until they started going on an upward trajectory again in the past year. Attacks reportedly doubled year-on-year in the fourth quarter of 2019. These cyber-threats may not entail the theft of information or assets, but they are just as damaging. They disrupt commercial activities and organizational operations by shutting down websites and online services with overwhelming volumes of fake traffic.

In 2020, it only makes sense to consider DDoS as a major threat and anticipate the different ways it will be used to harm websites and online services. Organizations should not downplay it, especially the rise in multi-vector attacks. It’s advisable to get acquainted with the trends and how these attacks are evolving.

Growing attack volumes

The success of Distributed Denial of Service attacks in derailing business activities as well as government operations appears to encourage cybercriminals to rely on this approach in harming their targets. Many companies tend to relegate DNS to a lower priority when it comes to establishing their security systems. Setting up DDoS protection is generally uncomplicated; unfortunately, many organizations still fail to have adequate defenses.

Security analysts expect more DDoS incidents in 2020, targeting not only large corporations and government offices but also small and midsize businesses. According to Kaspersky’s Q4 2019 DDoS report, the number of attacks detected in the fourth quarter of 2019 increased by around 79% compared to the number from the same period in 2018. It’s the highest year-on-year increase recorded by Kaspersky for 2019. In the two preceding quarters, the attack growth rates were 32% and 18% respectively. This general growth pattern is expected to extend into the rest of the current year and even beyond.

Attackers launched numerous large-scale DDoS campaigns against financial institutions in Singapore, South Africa, and a number of countries in the Scandinavian region. The United Kingdom’s Labour party also suffered attacks aimed at disrupting the organization’s digital systems. Even the Minecraft server in the Vatican was not spared. Security experts believe that most of the attacks either have ideological motives or are driven by the possibility of financial gains.

Increased application layer attacks

In the past, the prevailing type of DDoS attack was volumetric, meaning that the attacker floods every accessible port with massive numbers of bogus requests, typically producing UDP floods and ICMP floods. However, volumetric attacks have tended to become less effective with the advent of cloud-based services. An infrastructure-oriented DDoS approach is typically not as destructive as attacks that disrupt traffic to web applications. As such, cybercriminals are turning to application-layer attacks.

Also known as layer 7 DDoS, application-layer attacks are designed to target the web traffic of a user-facing application. They are network-based attacks that generally affect the DNS, HTTP/HTTPS, and SMTP protocols. What makes them preferable (for attackers) is their efficiency: they can cause more damage with less total bandwidth than volumetric attacks.

Exploiting exposed servers

According to Akamai, there are around a hundred thousand memcached servers that are considered exposed or open to DDoS attacks. Memcached servers are database caching systems intended to speed up the loading of websites. They are not meant to be exposed on the public internet, but they respond to queries from anyone. These servers are set to be exploited by attackers if they remain unprotected.

On the other hand, the problem of exposed servers also emerges in the trend of companies shifting to UDP (User Datagram Protocol) so they can put backend web servers online. This setup is prone to creating backdoors that can be used by attackers. As enterprises try to create improved user experiences, they unwittingly open opportunities for successful DDoS attacks.

Hit-and-run DDoS

Also referred to as burst attacks, hit-and-run DDoS attacks are designed to create disruptions for a few seconds and recur after random intervals. As the term implies, it delivers bursts of denial-of-service that are then repeated over and over in an unpredictable pattern. The duration of the disruption as well as the interval of recurrence changes every so often, so it becomes difficult for organizations to deal with the problem.

This “innovative” attack will likely be employed by cybercriminals who are having a hard time defeating the defenses of their targets. Generally, security experts are only able to mitigate attacks if they can catch them in action. Hit-and-run DDoS creates short disruptions that don’t provide enough time for meaningful analysis. The bursts then disappear and return at unpredictable intervals and frequencies, throwing off the security experts who are working on a solution.
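As an added illustration that is not part of the original article, the following Python sketch shows how a defender can distinguish the burst pattern described above from a sustained flood or a regularly scheduled spike, given a per-second request-rate series such as a load balancer exports. The traces, threshold and tuning constants are constructed for the example.

```python
from statistics import mean, pstdev

def find_bursts(rps, threshold):
    """Return (start, end) sample indices of each contiguous run above `threshold`."""
    bursts, start = [], None
    for i, r in enumerate(rps):
        if r > threshold and start is None:
            start = i
        elif r <= threshold and start is not None:
            bursts.append((start, i - 1))
            start = None
    if start is not None:  # series ended while still above threshold
        bursts.append((start, len(rps) - 1))
    return bursts

def duration(burst):
    return burst[1] - burst[0] + 1  # samples (seconds, for a per-second series)

def is_hit_and_run(bursts, max_duration=10, min_bursts=3, min_gap_cv=0.25):
    """Several short bursts whose recurrence intervals vary. One long run is a
    sustained flood; evenly spaced bursts (cron job, health check) have a
    near-zero coefficient of variation of their gaps and are not flagged."""
    short = [b for b in bursts if duration(b) <= max_duration]
    if len(short) < min_bursts:
        return False
    gaps = [nxt[0] - prev[1] for prev, nxt in zip(short, short[1:])]
    return pstdev(gaps) / mean(gaps) >= min_gap_cv

def classify(rps, threshold=1000, max_duration=10):
    """Label a per-second request-rate series for an alert or dashboard."""
    bursts = find_bursts(rps, threshold)
    if not bursts:
        return "normal"
    if is_hit_and_run(bursts, max_duration):
        return "hit-and-run"
    if any(duration(b) > max_duration for b in bursts):
        return "sustained flood"
    return "regular or isolated bursts"

def constructed_series(windows, length=60, baseline=100, peak=5000):
    """Constructed sample trace: `baseline` rps, `peak` inside each (start, end) window."""
    rps = [baseline] * length
    for s, e in windows:
        rps[s:e + 1] = [peak] * (e - s + 1)
    return rps

# Constructed traces: irregular short bursts, a 30-second flood, evenly spaced bursts.
HIT_AND_RUN = constructed_series([(5, 7), (18, 20), (45, 47)])
SUSTAINED = constructed_series([(10, 39)])
PERIODIC = constructed_series([(5, 6), (20, 21), (35, 36), (50, 51)])
```

A sustained-rate alarm with a long evaluation window would miss the three-second bursts in the first trace entirely; keying the alert on burst count and gap irregularity instead catches them without firing on the scheduled spikes.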

Merging DDoS with other attacks

To maximize the impact of attacks, security analysts see the possibility of attackers merging DDoS with previous attempts to disrupt or breach a network. This combination of network incidents can maximize the potential gains of attacks. It muddles the ability to identify attacks and apply the necessary solutions. By incorporating DDoS with other attacks, it becomes easier to achieve the desired outcomes.

Merging of attacks is not exactly a new idea, but it will probably gain traction in the year ahead. Back in 2016, security analysts documented combinations of ransomware and DDoS attacks. This resulted in a more efficient, two-pronged approach in pursuing moneymaking cybercrimes. Under this scheme, ransomware-infected computers whose users refused to pay were converted to rentable DDoS botnets, creating another felonious revenue stream.

In summary

DDoS continues to be a serious threat for enterprises and businesses worldwide. As security firms develop advanced methods to deal with these attacks, cybercriminals likewise tweak or augment their attacks. They also take advantage of various vulnerabilities that have been neglected or that emerge because of changes in the way systems are built.

Not many pay attention to the DDoS threat, especially after reports in previous years claimed that they were becoming less prevalent. This shouldn’t be the case, though, as threat factors are growing, DDoS attacks are increasing, and attackers are merging them with other security incidents to maximize the damage.