Story image

The next major DDoS battleground: DNSSEC a 'significant new risk'

21 Mar 2018

Distributed Denial of Service (DDoS) attacks using amplification to increase severity grew 110% in the fourth quarter of 2017 compared to the same quarter in 2016.

Nexusguard’s Q4 2017 Threat Report says that Domain Name System Security Extensions (DNSSEC) are to blame for the massive increase.

Although DNSSEC tools are designed to add integrity and security to the DNS protocol, they can be a ‘significant new risk’ if they are not properly configured.

DNSSEC-enabled servers can be specific targets in order to reflect amplification attacks because of the large response sizes they generate.

Nexusguard explains how a DNSSEC attack works:

“The extra security DNSSEC provided relies on resource-intensive data verification using public keys and digital signatures. Consequently, the size of DNS response packets becomes significantly larger than the original queries, which drastically increases the computational load on DNS servers as well as query response times.”

“The extra workload translates into an “amplification factor” that attackers leverage to generate DNS amplification attacks. To measure the potential amplitude of an amplification factor, we sent queries with a packet size of 81 bytes to activum.nu. The nameserver responded at 6,156 bytes, approximately 76 times the packet size of the original queries.”

The overall number of DDoS attacks dropped 12%, however Nexusguard warns that DNSSEC attacks may spawn a new class of powerful botnets.

"Enterprises have worked hard to patch against snooping, hijacking and other DNS abuses; however, improperly configured DNSSEC-enabled nameservers may be a new plague for unprepared teams," comments Nexusguard chief technology officer Juniman Kasman.

"Admins and IT teams need to check security for the entire network, as well as correctly configure DNSSEC on the domain to properly harden servers against these new attacks."

Attackers are also using multi-vector attacks that include a mix of network time protocol (NTP), universal datagram protocol (UDP), DNS and other vectors.

DNS amplification, UDP, and IP fragmentation contributed for the top three attack vectors in the quarter, with 16.10%, 15.31%, and 12.18% respectively.

The report says that more than 56% of attacks exploit multi-vector combinations.

The report also found that China and the United States continue to reign as the two top DDoS attack source countries in Q4. China accounted for 21.8% of all attacks. South Korea climbed to third place and accounted for almost 6% of global attacks.

In APAC, the top 10 DDoS attack source countries include China; South Korea; Vietnam; India; Thailand; Indonesia; Taiwan; Hong Kong; Nepal; and Singapore.

Globally, 49.3% of attacks ranged between 1Gbps and 10Gbps. 20.8% of attacks were more than 10Gbps. The largest attack in Q4 measured 231.32Gbps.

69% of global attacks lasted fewer than 90 minutes. These attacks occurred during peak operation hours, resulting in service downtime for affected businesses. The longest attack went for 1200 minutes.

SecOps: Clear opportunities for powerful collaboration
If there’s one thing security and IT ops professionals should do this year, the words ‘team up’ should be top priority.
Interview: Culture and cloud - the battle for cybersecurity
ESET CTO Juraj Malcho talks about the importance of culture in a cybersecurity strategy and the challenges and benefits of a world in the cloud.
Enterprise cloud deployments being exploited by cybercriminals
A new report has revealed a concerning number of enterprises still believe security is the responsibility of the cloud service provider.
Ping Identity Platform updated with new CX and IT automation
The new versions improve the user and administrative experience, while also aiming to meet enterprise needs to operate quickly and purposefully.
Venafi and nCipher Security partner on machine identity protection
Cryptographic keys serve as machine identities and are the foundation of enterprise information technology systems.
Machine learning is a tool and the bad guys are using it
KPMG NZ’s CIO and ESET’s CTO spoke at a recent cybersecurity conference about how machine learning and data analytics are not to be feared, but used.
Seagate: Data trends, opportunities, and challenges at the edge
The development of edge technology and the rise of big data have brought many opportunities for data infrastructure companies to the fore.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.