Wednesday, February 21, 2024

Hackers Shifting DDoS Attacks to VPS Infrastructure for Increased Power

Cloudflare released a threat report for DDoS of Q1 2023, showing that cyber threat actors use VPS-based attack vectors instead of compromised IoT (Internet of Things) devices.

DDoS is an abbreviation for Distributed Denial of Service attack in which threat actors send multiple requests that a web server cannot handle, making the server unavailable for usage.

2023 started with attack campaigns targeting banks, airports, healthcare, and universities. Pro-Russian Telegram-organised groups mainly conducted these attacks, like Killnet and AnonymousSudan.

Other threat actors who perform hyper-volumetric DDoS attacks are on the rise, with one of the attacks ranging to a maximum of 71 Million requests per second which is higher than Google’s highest recorded request of 46 million. However, Neither Killnet nor AnonymousSudan was responsible for this hyper-volumetric attack.

Cloudflare requested organizations to take preventive measures to protect their businesses from threat actors. Another powerful attack that Cloudflare handled and mitigated was an attack on a South American Telecommunications provider.

The attack reached a maximum of 1.3 Tbps (Terabits per second) which did not last more than a minute. The attack analysis showed traffic originating from the US, Brazil, Japan, Hong Kong, and India as a multi-vector attack involving DNS and UDP traffic. 

As per Cloudflare reports, further analysis of the attack revealed that it was part of a broader campaign that includes multiple Terabit-strong attacks from a 20,000-strong Mirai-Variant botnet.

VPS for Increased Power

Older methods of DDoS involved using a large number of botnets that are usually IoT devices like security cameras or other small devices.

This usually accounts for hundreds of thousands or millions of devices which is enough to disrupt their targets. However, these devices must be exploitable to craft the attack.

Modern DDoS attacks use virtual private servers that amount to just a fraction of the devices used in the older methods. These servers are powerful to generate multiple requests, allowing attackers to conduct a DDoS attack much simpler and more efficiently.

Virtual Private Servers were introduced to help businesses create high-performance applications, which are now a haven for cyber threat actors.

Threat actors gain access to these vulnerable servers and pivot their way into management consoles using leaked API credentials. 

As per reports from Cloudflare, “Cloudflare has been working with key cloud computing providers to crack down on these VPS-based botnets. Substantial portions of such botnets have been disabled thanks to the cloud computing providers’ rapid response and diligence. Since then, we have yet to see additional hyper-volumetric attacks — a testament to the fruitful collaboration“.

Furthermore, the reports said 16% of their surveyed customers had faced a Ransom DDoS attack which seems to be low. However, this accounts for a 60% increase compared to previous reports.

Two majorly targeted industries were Broadcast media and Non-profit organizations. Also, Finland has the highest traffic from which HTTP DDoS attacks originated, and Israel was the most targeted country. 

Cyber attacks above 100 Gbps have increased by 6% Quarter on Quarter. DNS-based attacks became the most popular. Cloudflare has released a complete analysis of the Q1 2023 DDoS attack vector.

Cloud computing has become increasingly demanding for all businesses, and most are migrating to cloud environments. Unfortunately, threat actors are also rising since technological advancements create additional space for attackers to conduct malicious activities.

Struggling to Apply The Security Patch in Your System? – 
Try All-in-One Patch Manager Plus

Related Coverage:

Website

Latest articles

Beware of VietCredCare Malware that Steals businesses’ Facebook Accounts

A new cybersecurity threat targeting Facebook advertisers in Vietnam, known as VietCredCare, has emerged....

Google Chrome 122 Update Addresses Critical Security Vulnerabilities

Google has recently unveiled Chrome 122, a significant milestone for the widely used web...

New Malicious PyPI Packages Use DLL Sideloading In A Supply Chain Attack

Researchers have discovered that threat actors have been using open-source platforms and codes for...

New Mingo Malware Attacking Linux Redis Servers To Mine Cryptocurrency

The malware, termed Migo by the creators, attempts to infiltrate Redis servers to mine cryptocurrency on...

Security Onion 2.4.50 Released for Defenders With New Features

Security Onion Solutions has recently rolled out the latest version of its network security...

VMware Urges to Remove Enhanced EAP Plugin to Stop Auth & Session Hijack Attacks

VMware has issued an urgent advisory to administrators to remove a deprecated authentication plugin...

LockBit Ransomware Members Charged by Authorities, Free Decryptor Released

In a significant blow to one of the most prolific ransomware operations, authorities from...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Live Account Takeover Attack Simulation

Live Account Take Over Attack

Live Webinar on How do hackers bypass 2FA ,Detecting ATO attacks, A demo of credential stuffing, brute force and session jacking-based ATO attacks, Identifying attacks with behaviour-based analysis and Building custom protection for applications and APIs.

Related Articles