According to a recent report by Lumen Technologies, Distributed Denial of Service (DDoS) attacks are becoming increasingly intricate and difficult to detect. The study highlights a surge in Domain Name System (DNS) amplification attacks, with a particular emphasis on the rising prevalence of DNS water torture attacks.
Lumen’s findings, which draw upon data from their internal tools and the insights of their API and application protection partner, ThreatX, reveal that DNS amplification was leveraged in 26% of single-vector attacks during Q1 2023. This represents a staggering 417% increase compared to the previous quarter. Notably, the most sophisticated form of DNS amplification identified is the “DNS water torture attack.”
Mitigating these attacks poses significant challenges. DNS amplification attacks flood a target with DNS response traffic, using publicly accessible open DNS servers to generate it. DNS water torture attacks, on the other hand, prevent the DNS server from responding to valid DNS queries, which makes comprehensive DDoS mitigation measures indispensable.
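An added example, not taken from the Lumen report or the original article: one way a defender can spot the DNS response flood described above is to flag UDP/53 responses that answer no query the receiving host actually sent. The flow-record layout, thresholds and function names are assumptions, and the sample records are constructed.

```python
from collections import defaultdict

# Constructed flow records (not from the Lumen report), documentation IP ranges only:
# (timestamp_s, src_ip, src_port, dst_ip, dst_port, udp_bytes)
FLOWS = [
    (0.00, "192.0.2.10", 40001, "198.51.100.53", 53, 60),     # query
    (0.02, "198.51.100.53", 53, "192.0.2.10", 40001, 120),    # its answer
    (1.00, "203.0.113.5", 53, "192.0.2.10", 31337, 3000),     # never asked for
    (1.10, "203.0.113.6", 53, "192.0.2.10", 31337, 2900),     # never asked for
    (1.20, "203.0.113.7", 53, "192.0.2.10", 4444, 3100),      # never asked for
    (2.00, "192.0.2.20", 40002, "198.51.100.53", 53, 60),     # query
    (2.03, "198.51.100.53", 53, "192.0.2.20", 40002, 150),    # its answer
]

def unsolicited_dns_responses(flows, window=5.0):
    """Return responses from UDP/53 that match no query the receiver sent within `window` s."""
    pending = defaultdict(list)   # (client_ip, client_port, server_ip) -> query timestamps
    unsolicited = []
    for ts, src, sport, dst, dport, size in sorted(flows):
        if dport == 53:                       # outbound query: remember it
            pending[(src, sport, dst)].append(ts)
        elif sport == 53:                     # response: look for the query it answers
            key = (dst, dport, src)
            live = [q for q in pending[key] if ts - q <= window]
            if live:
                pending[key] = live[1:]       # one answer consumes the oldest live query
            else:
                unsolicited.append((ts, src, dst, size))
    return unsolicited

def summarize(flows, window=5.0):
    """Per receiving host: count, bytes and distinct senders of unsolicited responses."""
    stats = defaultdict(lambda: {"responses": 0, "bytes": 0, "senders": set()})
    for _ts, src, dst, size in unsolicited_dns_responses(flows, window):
        stats[dst]["responses"] += 1
        stats[dst]["bytes"] += size
        stats[dst]["senders"].add(src)
    return dict(stats)

def suspected_targets(flows, min_senders=3, window=5.0):
    """Hosts receiving unsolicited DNS answers from at least `min_senders` servers."""
    return sorted(h for h, s in summarize(flows, window).items()
                  if len(s["senders"]) >= min_senders)

if __name__ == "__main__":
    for host in suspected_targets(FLOWS):
        s = summarize(FLOWS)[host]
        print(host, s["responses"], "responses,", s["bytes"], "bytes,", len(s["senders"]), "servers")
```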
In addition to DNS Amplification, threat actors employ various other attack vectors, including ICMP, TCP RST, TCP SYN/ACK Amplification, and UDP amplification. These multifaceted assaults targeting specific ports, protocols, and systems significantly heighten the difficulty of mitigation.
Lumen’s report highlights that the volume of DDoS attacks remains alarmingly high. In the first quarter of this year alone, the company mitigated over 8,600 such attacks, marking a 40% increase compared to the previous year. Q1 2023 ranked as the second-busiest quarter in the last two years.
It is noteworthy that threat actors often choose holidays as opportune moments to launch their attacks, taking advantage of reduced staff presence in target organizations. Martin Luther King, Jr. Day emerged as the busiest holiday during Q1.
Peter Brecl, Lumen’s Director of Product Management for DDoS mitigation and application protection, commented on the evolving threat landscape, stating, “The pace at which companies and other organisations have been expanding their digital footprints has increased over the past few years. The larger attack surface creates more opportunities for threat actors to launch attacks. The only way to protect that digital presence is to deploy a holistic solution that includes network protection, application-layer protection, and application acceleration capabilities. This type of comprehensive coverage – including DDoS mitigation, API protections, Web Application Firewalls, and Bot Risk Management – helps ensure that critical business functions stay up and running – even when under an active attack.”