DDoS Amplification Attacks Skyrocketed in Q4, Revealed by Nexusguard Research

More than half of all attacks exploit multiple vector combinations

SAN FRANCISCO -- Distributed denial of service (DDoS) attacks using Domain Name System (DNS) amplification increased more than 357 percent in the fourth quarter of 2017, compared to 2016, according to Nexusguard’s “Q4 2017 Threat Report.” The quarterly report, which measured thousands of attacks from around the world, attributes the skyrocketing attacks to servers enabled with Domain Name System Security Extensions (DNSSEC), a significant new risk if not properly configured. Although they’re intended to add integrity and security to the DNS protocol, DNSSEC-enabled servers can be deliberately targeted to reflect amplification attacks, due to the large size of the responses they generate.

Nexusguard’s quarterly distributed denial of service (DDoS) reports are based on the company’s collection of real-time data regarding threats facing enterprises and service provider networks around the world. The company gathers data from botnet scanning, honeypots, internet service providers (ISPs) and traffic moving between attackers and their targets to help companies identify vulnerabilities and stay informed about global attack trends. Although the overall number of DDoS attacks fell 12 percent compared to the same period last year, a new class of powerful botnets may appear from wider DNSSEC adoption. Nexusguard warns teams to evaluate the DNSSEC response and security flaw to strengthen systems against future attacks.

“Enterprises have worked hard to patch against snooping, hijacking and other DNS abuses; however, improperly configured DNSSEC-enabled nameservers may be a new plague for unprepared teams,” said Juniman Kasman, chief technology officer for Nexusguard. “Admins and IT teams need to check security for the entire network, as well as correctly configure DNSSEC on the domain to properly harden servers against these new attacks.”

Hackers also continue to favor multi-vector attacks, blending combinations of network time protocol (NTP), user datagram protocol (UDP), DNS and other popular attack vectors in more than half of all botnets over the past year, according to Nexusguard’s “2017 DDoS Attack Landscape” infographic. China and the U.S. continued to reign as the top two sources of DDoS attacks in Q4, contributing 21.8 percent and 14.3 percent of the botnets, respectively. South Korea climbed to third place, contributing nearly six percent of the global attacks, up from sixth place last quarter.

Read the full "Q4 2017 Threat Report" for more details.

About Nexusguard
Founded in 2008, Nexusguard is the global leader in fighting malicious Internet attacks. Nexusguard protects clients against a multitude of threats, including distributed denial of service (DDoS) attacks, to ensure uninterrupted Internet service. Nexusguard provides comprehensive, highly customized solutions for customers of all sizes, across a range of industries, and also enables turnkey anti-DDoS solutions for service providers. Nexusguard delivers on its promise to maximize peace of mind by minimizing threats and improving uptime. Visit www.nexusguard.com for more information.

Contacts

Metis Communications
Justine Boucher, +1 617-236-0500
nexusguard@metiscomm.com
or
Nexusguard
Benjamin Yip, +1 415-299-8550
Head of marketing
Benjamin.Yip@Nexusguard.com

Release Summary

DDoS attacks using Domain Name System (DNS) amplification increased more than 357 percent in the fourth quarter of 2017, according to Nexusguard.
