
CDNetworks explains the brute force of XOR.DDoS attacks

11 Aug 2016

Last year the world was affected by a mass-scale XOR.DDoS attack against Linux PCs at a rate of over 150 Gbps. The malware in question, Malware.XOR.DDoS, was detected in 2014 and has been the subject of many research analyses.

While the original attack targeted Linux, the newer version can also attack Windows PCs, turning them into 'zombie' PCs controlled through a Command & Control (C&C) server.

XOR.DDoS pads its SYN flood with huge volumes of data and meaningless strings, which CDNetworks says is a serious threat because most companies do not have the network processing capacity to absorb the data. In addition, the attack uses TCP, which a small network line cannot block.

The report found that 77.1% of the attacks occurred in China and the United States, mainly against Linux servers that use cloud services and against large-scale cloud service providers. It suggests that the SSH service (22/TCP) is being used in most attacks, and that cloud systems without proper security management are the most likely to have been hacked.

CDNetworks says the SYN and data flooding can theoretically be blocked if SYN packets carrying data are detected. The company also recommends using SYN cookies, which are effective against spoofing attacks.

The cookie checks that the sequence numbers in the SYN handshake match; if they do not, the packet is discarded. Alternatively, First SYN DROP can be another effective method of blocking attacks.

"This technique works by saving the first SYN packet information in memory and dropping the packet. If the session request is normal, the same IP will send the SYN request again. If the request is made for an attack, another SYN request from another IP will be received," a statement from CDNetworks says.
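The two mitigations described above (dropping SYNs that carry data, and First SYN DROP) simulated over constructed traffic as an added example; this is not CDNetworks' code, and the packet records, addresses and 10-second retry window are assumptions:

```python
"""Simulated SYN-flood filter for the two CDNetworks mitigations.

Rule 1: a handshake SYN should carry no payload, so a SYN with data is dropped.
Rule 2 (First SYN DROP): remember the first SYN from a (src_ip, src_port,
dst_port) tuple and drop it; a real TCP stack retransmits the same SYN a
moment later and that retry is admitted. A spoofed flood never retries from
the same tuple, so every flood SYN is dropped.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Syn:
    src_ip: str
    src_port: int
    dst_port: int
    ts: float            # arrival time in seconds (constructed)
    payload_len: int = 0


@dataclass
class FirstSynDropFilter:
    window: float = 10.0                      # how long a first SYN is remembered
    seen: dict = field(default_factory=dict)  # (ip, sport, dport) -> first ts

    def decide(self, pkt: Syn) -> str:
        """Return 'drop:data', 'drop:first' or 'accept' for one SYN."""
        if pkt.payload_len > 0:
            return "drop:data"
        key = (pkt.src_ip, pkt.src_port, pkt.dst_port)
        first_ts = self.seen.get(key)
        if first_ts is not None and pkt.ts - first_ts <= self.window:
            del self.seen[key]                # retry seen: admit and forget
            return "accept"
        self.seen[key] = pkt.ts               # first (or stale) SYN: record and drop
        return "drop:first"


def run(pkts, window=10.0):
    f = FirstSynDropFilter(window)
    return [f.decide(p) for p in pkts]


def summarize(pkts):
    verdicts = run(pkts)
    return {v: verdicts.count(v) for v in sorted(set(verdicts))}


# Constructed traffic: one real client retrying after 1 s, and two spoofed
# floods that use a fresh source address per SYN, one padded with junk data.
LEGIT = [Syn("198.51.100.7", 40000, 22, 0.0), Syn("198.51.100.7", 40000, 22, 1.0)]
FLOOD_DATA = [Syn(f"203.0.113.{i}", 1024 + i, 22, 0.01 * i, 1200) for i in range(5)]
FLOOD_EMPTY = [Syn(f"203.0.113.{i}", 1024 + i, 22, 0.01 * i) for i in range(5)]
```

Note that the `seen` table still grows by one entry per spoofed source until entries expire, which is why the statement's "saving ... in memory" matters at 150 Gbps and the filter needs a bounded, expiring table.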

The company recommends investing in a large-scale network line to counteract large TCP attacks such as XOR.DDoS.
