A total of 23,487,185 Distributed Denial of Service (DDoS) weapons are currently in the wild, ready to be exploited by cyber attackers, according to A10 Networks’ latest State of DDoS Weapons Report. The study underscores the importance of knowing where DDoS weapons are located and how an up-to-date threat inventory enables organizations to take a proactive stance against DDoS attacks.
Top sources of DDoS Weaponry
One crucial finding was that weapons were hosted in countries with a dense internet-connected population.
China and the United States currently host the largest number of DDoS weapons, with 6,114,312 and 2,636,103 weapons respectively. The other top Asian countries hosting DDoS weaponry include the Republic of Korea at 872,744 weapons, and India at 615,239 weapons.
IoT is a hotbed for DDoS Botnets and will go hyperscale with 5G
When comparing the rate of growth of connected people versus connected devices, the study found that the latter is growing at a strikingly faster rate.
It has taken over 25 years since the birth of the Internet to connect 55% of the 7.6 billion people on our planet. This is a linearized rate of 4.6 people per second.
Meanwhile, IoT is growing at a rate of 127 connected devices per second. This is expected to accelerate with the advent of 5G.
Given that these devices are the perfect host for botnets, the number of DDoS weapons available to attackers will grow significantly too.
The largest DDoS attacks have one thing in common - Amplification
When it comes to size, amplified reflection attacks took the prize.
This attack strategy sends volumes of small requests to exposed servers, with each request carrying the victim’s IP address as its spoofed source address. These exposed servers reply with large amplified responses to the unwitting victim, quickly overwhelming the victim’s server.
These particular servers are targeted because they are configured with services that can amplify the attack. The most common types of these attacks can utilize millions of exposed DNS, NTP, SSDP, SNMP and CLDAP UDP-based services.
The study found that some countries were more frequently targeted by amplified reflection attacks. China is the country most frequently targeted by DNS resolver-based, SSDP-based, and TFTP-based weapons.
Meanwhile, the Republic of Korea is most frequently attacked with SNMP-based weapons, and the United States is attacked with NTP-based weapons more than any other country.
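As an added example (not from the A10 report or A10's tooling), the following flow-log check flags the reflection pattern described above: large UDP replies from the named amplification services that answer no request the receiving host ever sent. The record layout, thresholds and sample flows are constructed assumptions.

```python
from collections import defaultdict

# UDP services the report names as amplification vectors (well-known ports).
AMP_PORTS = {53: "DNS", 123: "NTP", 1900: "SSDP", 161: "SNMP", 389: "CLDAP"}

def find_reflection_floods(flows, min_reflectors=3, min_bytes=10_000):
    """flows: iterable of (src_ip, src_port, dst_ip, dst_port, proto, nbytes)
    covering one observation window.

    Returns {(victim_ip, service): (reflector_count, total_bytes)} for UDP
    replies that match no request seen leaving the victim. The thresholds
    are illustrative assumptions, not values from the report.
    """
    flows = list(flows)
    # Requests actually sent: (client, client_port, server, server_port).
    asked = {(s, sp, d, dp) for s, sp, d, dp, proto, _ in flows
             if proto == "udp" and dp in AMP_PORTS}
    reflectors = defaultdict(set)
    volume = defaultdict(int)
    for s, sp, d, dp, proto, nbytes in flows:
        if proto != "udp" or sp not in AMP_PORTS:
            continue
        if (d, dp, s, sp) in asked:
            continue  # solicited reply to a query the host really sent
        key = (d, AMP_PORTS[sp])
        reflectors[key].add(s)
        volume[key] += nbytes
    return {k: (len(reflectors[k]), volume[k]) for k in volume
            if len(reflectors[k]) >= min_reflectors and volume[k] >= min_bytes}

# Constructed sample window (documentation address ranges only).
SAMPLE_FLOWS = [
    # Normal DNS lookup and its answer: must not be flagged.
    ("203.0.113.20", 51000, "192.0.2.53", 53, "udp", 60),
    ("192.0.2.53", 53, "203.0.113.20", 51000, "udp", 500),
    # Unsolicited NTP replies from four reflectors to one victim.
    ("198.51.100.1", 123, "203.0.113.10", 40001, "udp", 4400),
    ("198.51.100.2", 123, "203.0.113.10", 40002, "udp", 4400),
    ("198.51.100.3", 123, "203.0.113.10", 40003, "udp", 4400),
    ("198.51.100.4", 123, "203.0.113.10", 40004, "udp", 4400),
    # Large TCP transfer: outside the UDP reflection pattern.
    ("198.51.100.9", 443, "203.0.113.10", 40005, "tcp", 90000),
]

if __name__ == "__main__":
    for (victim, service), (count, total) in find_reflection_floods(SAMPLE_FLOWS).items():
        print(f"{victim}: {service} reflection, {count} reflectors, {total} bytes")
```

The reflector addresses collected per victim are the kind of input a blocklist of exposed amplifiers would be built from.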
The latest IoT Threat: Constrained Application Protocol (CoAP)
While the most prevalent types of weapons leverage other more established technologies and internet protocols as highlighted above, CoAP-based devices represent a fast-emerging new weapon type.
This machine-to-machine management protocol, which does not require authentication to reply with a large response to a small request, is frequently deployed on IoT devices supporting applications such as smart energy and building automation.
The study found that there are already 414,130 vulnerable IoT devices being used in attacks today. Alarmingly, 98% of these weapons are located in China.
“Today, cyber defense is no longer about playing catch-up with criminals. It is about strengthening defenses and locating where the threats are,” said Song Tang Yih, Vice President, Asia Pacific, Sales, A10 Networks.
“Once you know where weapons are located, businesses can build a dynamic weaponry inventory in the form of blacklists made up of millions of suspect IPs. Policies can then be developed to proactively block them.
“Ultimately, having a proactive defense that harnesses intelligent automation, machine learning, and artificial intelligence to enable zero-touch protection is a necessity.”