With the COVID-19 outbreak, the world today has been engulfed in chaos and terror like never before. This situation has also given rise to vicious online activity by bad actors who launch application-layer attacks, volumetric attacks, network protocol attacks and so on. As far as DDoS attacks are concerned, we see a massive increase in:
This month’s attack, mitigated by the Neustar security operations center, shows that an attack no longer needs a massive effort to gather resources; it can be launched using a simple protocol.
This attack combined UDP amplification and a SYN flood, and included vectors such as ICMP flood. The Neustar security operations center observed high levels of large UDP amplification packets and tiny SYN flood packets, together generating enormous attack volume and intensity. Because of the high volume, this kind of attack successfully saturates the IPS and customer connectivity of the internet circuits. It could also damage internet infrastructure such as routers, as the small SYN flood packets are difficult for the hardware to process.
UDP is a quicker way for an application to send information because it is connectionless and session-less, so it plays a vital role where applications depend on timely interactions. Although UDP is of great importance in terms of speed, it doesn’t provide security. UDP does not perform the traditional handshake before information is exchanged, which leaves it vulnerable to spoofing. Another problem is that UDP protocols have high levels of amplification, which creates the risk that the attack size is larger than the resources used to ward off these attacks. These two problems combined leave it exposed to reflection attacks.
The functionality of UDP makes it an ideal tool for denial-of-service attacks. Attacks such as memcached, WS-Discovery etc. have taken advantage of this functionality.
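The following is an added example (not from the original article or from Neustar) showing how the pattern described above, large UDP packets arriving from reflector service ports alongside tiny bare SYN packets, can be flagged in flow records. The flow tuple layout, the thresholds and the sample records are assumptions constructed for illustration; 11211 and 3702 are the standard memcached and WS-Discovery UDP ports.

```python
from collections import defaultdict

# UDP services named in the text, keyed by their standard source port.
REFLECTOR_PORTS = {11211: "memcached", 3702: "ws-discovery"}

# Assumed thresholds for this example; tune them against your own baseline.
BIG_UDP_BYTES = 1000    # minimum average size of reflected UDP packets
SMALL_SYN_BYTES = 64    # maximum average size of bare SYN packets
MIN_PACKETS = 1000      # packets per window before a vector is reported

# Constructed flow records: (dst_ip, proto, src_port, tcp_flags, packets, bytes)
SAMPLE_FLOWS = [
    ("203.0.113.10", "udp", 11211, "", 4000, 5_600_000),
    ("203.0.113.10", "udp", 3702, "", 2500, 3_000_000),
    ("203.0.113.10", "tcp", 40211, "S", 90000, 3_600_000),
    ("203.0.113.20", "udp", 11211, "", 10, 14_000),      # too few packets
    ("203.0.113.20", "udp", 53124, "", 800, 96_000),     # not a reflector port
    ("203.0.113.20", "tcp", 443, "PA", 5000, 6_000_000), # established traffic
]

def classify(flows):
    """Return {dst_ip: sorted list of attack vectors seen in the window}."""
    stats = defaultdict(lambda: defaultdict(lambda: [0, 0]))  # [packets, bytes]
    for dst, proto, sport, flags, pkts, nbytes in flows:
        if proto == "udp" and sport in REFLECTOR_PORTS:
            key = "udp-amplification:" + REFLECTOR_PORTS[sport]
        elif proto == "tcp" and flags == "S":   # SYN set, no ACK
            key = "syn-flood"
        else:
            continue
        stats[dst][key][0] += pkts
        stats[dst][key][1] += nbytes
    verdicts = {}
    for dst, vectors in stats.items():
        hits = []
        for name, (pkts, nbytes) in vectors.items():
            if pkts < MIN_PACKETS:
                continue
            avg = nbytes / pkts
            if name == "syn-flood" and avg <= SMALL_SYN_BYTES:
                hits.append(name)
            elif name != "syn-flood" and avg >= BIG_UDP_BYTES:
                hits.append(name)
        if hits:
            verdicts[dst] = sorted(hits)
    return verdicts

def is_multi_vector(vectors):
    """True when both UDP amplification and a SYN flood hit the same target."""
    return {"udp-amplification", "syn-flood"} <= {v.split(":")[0] for v in vectors}
```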
The situation created by COVID-19 has been taken advantage of to launch these attacks in a smarter and faster way, such as using UDP so that fewer resources are needed. It’s very important to take notice, as this is the third largest attack so far, opening the gateway to more powerful attacks in the near future. By continuing to use UDP for application interactions, we are compromising on security. A report from the Neustar International Security Council suggests that 23% of companies today face major disruptions in their network security and 64% face moderate disruption; this is a huge number, caused by the work-from-home model that was devised because of the global COVID-19 pandemic.
There needs to be a business plan to ensure network security in a time of crisis like this one and to avoid further disruptions.