
Cyber Crime

DDoS Protection Services hacked to arrange powerful DNS DDoS attack


Security Experts at Incapsula have recently detected a powerful DNS DDoS attack organized by attackers abusing DDoS Protection Services servers.

Experts at Incapsula have detected early this month a powerful DNS DDoS attack that was launched from high-capacity servers, but the alarming news is that the attackers have abused resources of two separate DDoS protection service providers.

On May 1st, a powerful attack hit an unnamed online gaming website; the offensive lasted about seven hours and flooded the target with 25 million packets per second (Mpps).

“Several days ago one of our clients became the target of a massive DNS DDoS attack, peaking at approximately 25Mpps (Million packets per second). The attack fit the description of other recently reported DNS floods, like the one that brought down UltraDNS earlier this month,” writes Igal Zeifman, product evangelist with Incapsula, in a blog post.

The attackers hijacked two separate high-capacity servers belonging to unnamed DDoS protection service providers, one located in Canada and one in China, and directed the resulting traffic against the online gaming platform.

“Any service providers that offer indiscriminative access to high-powered servers help the offenders to outgrow these limitations. In this case, the security vendors played right into the hackers’ hands, by equipping them with high-capacity resources, able to generate billions upon billions of unfilterable DDoS requests – enough to pose a serious threat even to the most overprovisioned servers.”

The experts at Incapsula consider the attack part of an evolving trend that also targets the most resilient infrastructures. Unusually for a DNS DDoS attack, the attackers did not spoof the source IP addresses, which made the origin of the offensive easy to discover.

“Interestingly enough, in this case, the DNS queries contained non-spoofed IP data that allowed us to uncover the attacker’s true points of origin.” “All told, these were hitting our network at a rate of 1.5 Billion DNS queries a minute, amounting to over 630 Billion requests during the course of the 7-hour-long DDoS attack,” reports Incapsula.

Both companies involved in the DNS DDoS attack have confirmed to Incapsula that their servers were abused.


“However, this is the first time we encountered “rogue” scrubbing servers used to carry out large-scale DDoS attacks. This fact, combined with the inherent danger of non-amplified DNS floods, is what makes these attacks so devastatingly dangerous,” Zeifman said.

Let me close with a clarification. As highlighted in the post, a DNS DDoS flood is very different from a DNS amplification attack: a DNS amplification attack is an asymmetrical DDoS attack in which the attacker sends queries with a spoofed source IP (the victim’s) so that the much larger DNS responses are delivered to the target.

DNS DDoS floods, by contrast, are symmetrical attacks: they are used to consume server-side resources (e.g. memory or CPU) by sheer query volume, whereas a DNS amplification attack exhausts the target’s bandwidth with a multitude of oversized UDP responses.
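To make the flood-versus-amplification distinction concrete from a defender’s side, here is an added example (not code from the original post or from Incapsula) that aggregates resolver-side DNS log records per source address and applies the two signals the post describes: query rate and the response-to-query size ratio. A high-rate source whose responses are roughly query-sized is a symmetric flood from a real, non-spoofed origin; a high-rate source receiving responses many times larger than its queries looks like amplification, and that “source” is then most likely the spoofed victim rather than the attacker. The log format, the thresholds and the sample records are constructed for illustration.

```python
"""Classify per-source DNS query streams as a symmetric flood or an
amplification reflection, from constructed resolver-side log records.

Each record is (timestamp_seconds, source_ip, query_bytes, response_bytes).
The log shape and the thresholds below are assumptions for this example.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class SourceStats:
    queries: int = 0
    query_bytes: int = 0
    response_bytes: int = 0
    first_ts: float = float("inf")
    last_ts: float = 0.0

    @property
    def rate(self) -> float:
        """Queries per second over the observed span (at least 1 s)."""
        span = max(self.last_ts - self.first_ts, 1.0)
        return self.queries / span

    @property
    def amplification(self) -> float:
        """Bytes sent back per byte received; ~1 for a symmetric flood."""
        return self.response_bytes / self.query_bytes if self.query_bytes else 0.0


def aggregate(records) -> dict[str, SourceStats]:
    """Roll up raw log records into per-source statistics."""
    stats: dict[str, SourceStats] = defaultdict(SourceStats)
    for ts, src, qbytes, rbytes in records:
        s = stats[src]
        s.queries += 1
        s.query_bytes += qbytes
        s.response_bytes += rbytes
        s.first_ts = min(s.first_ts, ts)
        s.last_ts = max(s.last_ts, ts)
    return dict(stats)


def classify(stats: dict[str, SourceStats],
             rate_threshold: float = 1000.0,
             amp_threshold: float = 10.0) -> dict[str, str]:
    """Label every source as benign, flood or amplification.

    - below the rate threshold: benign
    - high rate, small response/query ratio: symmetric flood; the source
      address is a real origin (as in the non-spoofed attack in the post)
    - high rate, large ratio: amplification; the source address is most
      likely the spoofed victim, so it should not be treated as the attacker
    """
    verdicts = {}
    for src, s in stats.items():
        if s.rate < rate_threshold:
            verdicts[src] = "benign"
        elif s.amplification >= amp_threshold:
            verdicts[src] = "amplification"
        else:
            verdicts[src] = "flood"
    return verdicts


def build_sample():
    """Constructed records: one flood origin, one reflected victim, one
    ordinary client. All addresses are documentation ranges."""
    records = []
    # 5000 queries in ~2 s, 60-byte queries, 80-byte answers: symmetric flood
    records += [(i * 0.0004, "198.51.100.10", 60, 80) for i in range(5000)]
    # 3000 queries in ~2 s with 3000-byte answers: amplification, spoofed src
    records += [(i * 0.00067, "203.0.113.5", 64, 3000) for i in range(3000)]
    # 20 queries over ~10 s: a normal client
    records += [(i * 0.5, "192.0.2.20", 55, 120) for i in range(20)]
    return records


if __name__ == "__main__":
    for src, verdict in classify(aggregate(build_sample())).items():
        print(f"{src:16} {verdict}")
```

The rate threshold is deliberately simple; in practice it would be set relative to the resolver’s normal per-client baseline. The important design point is the second signal: on its own, a high query rate cannot tell an operator whether blocking the source address would stop an attacker or cut off a spoofed victim.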

This is the beginning of an alarming trend: cybercrime is exploring new methods to monetize its efforts.

Pierluigi Paganini

(Security Affairs –  DNS DDoS, cybercrime)