Neustar, a global information and technology provider company, revealed that it found a 168% increase in distributed denial-of-service (DDoS) attacks in Q4 2019 compared with Q4 2018, and a 180% increase overall in 2019 compared with 2018. In its “Cyberthreats and Trends Report”, Neustar revealed that DDoS attacks across all size categories increased in 2019, with attacks sized 5 Gbps and below seeing the largest growth.
According to the report, the maximum DDoS attack intensity observed in 2019 was 587 GB per second, which was 31% larger than the largest attack of 2018, which is 343 million packets per second. The longest single, uninterrupted attack experienced in 2019 lasted three days, 13 hours and eight minutes, the report revealed.
Earlier, similar research from Kaspersky Lab revealed that the number of DDoS attacks increased by 84% in the first quarter of 2019 compared to Q4 of 2018. In its research report, “DDoS Attacks in Q1 2019”, Kaspersky stated that it discovered considerable growth in the number of attacks that lasted more than an hour. According to the research findings, China reported the highest number of DDoS attacks (67%), while the U.S. reported the second-largest number (17.17%) and Hong Kong stood third (4.81%).
Weaponizing Documents for DDoS Attacks
Many industry experts stressed that DDoS attacks have evolved into weaponized instruments used to disseminate ransomware, as well as launch disruptive attacks against their targets. Attack vectors targeted for weaponization include mobile devices, documents and browsers, with the current favorite being IoT devices.
Researchers from Sophos discovered a weaponized document serving the dual purpose of delivering ransomware to the system, as well as exploiting it for potential DDoS attacks. The weaponized document was sent in a spear-phishing email; upon opening, it launched Microsoft Word and initiated embedded macros, which enabled elevated privileges for the malicious document to execute an encoded VBScript. The binary made changes to the screensaver via the registry and also appeared to be carrying out a DDoS attack by flooding the subnet with network traffic using UDP packets on port 6892. The spoofed source address could direct response traffic from the subnet to interrupt host operations.
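The subnet flooding described above leaves a recognizable pattern in flow logs: one host sending UDP to port 6892 on many addresses of its own subnet in a short time. The following Python detection is an added example, not code from Sophos or from this article; the comma-separated record format, the /24 scope, the 60-second window and the 20-target threshold are assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import defaultdict

# Constructed flow records (not from the report): epoch_seconds,src,dst,proto,dst_port
SAMPLE_FLOWS = [f"{1000 + i // 10},10.0.5.23,10.0.5.{i},udp,6892" for i in range(1, 41)]
SAMPLE_FLOWS += [
    "1001,10.0.5.40,10.0.5.2,udp,53",      # ordinary DNS lookup
    "1002,10.0.5.41,10.0.5.9,udp,6892",    # single packet, below threshold
    "1003,10.0.5.42,8.8.8.8,tcp,443",      # unrelated TCP
    "not,a,flow",                          # malformed, must be skipped
]


def find_udp_sweeps(lines, port=6892, window=60, min_targets=20):
    """Return {src: distinct_targets} for hosts that sent UDP to `port` on at
    least `min_targets` addresses of their own /24 within `window` seconds.
    The /24 scope, window and threshold are assumptions to tune per network."""
    events = defaultdict(list)  # src -> [(timestamp, dst)]
    for line in lines:
        try:
            ts, src, dst, proto, dport = line.strip().split(",")
            ts, dport = int(ts), int(dport)
            subnet = ipaddress.ip_network(f"{src}/24", strict=False)
            dst_ip = ipaddress.ip_address(dst)
        except ValueError:
            continue  # wrong field count, non-numeric field or bad address
        if proto.lower() == "udp" and dport == port and dst_ip in subnet:
            events[src].append((ts, dst))

    hits = {}
    for src, evs in events.items():
        evs.sort()
        start = best = 0
        for end in range(len(evs)):
            # shrink the window until it spans at most `window` seconds
            while evs[end][0] - evs[start][0] > window:
                start += 1
            best = max(best, len({d for _, d in evs[start:end + 1]}))
        if best >= min_targets:
            hits[src] = best
    return hits


if __name__ == "__main__":
    for host, count in find_udp_sweeps(SAMPLE_FLOWS).items():
        print(f"{host} sent UDP/6892 to {count} local addresses")
```

Because the source address may be spoofed, as noted above, the `src` key is only as reliable as the sensor's view of the sender; correlating with switch-port or MAC data is the usual complement.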