Monday, June 24, 2024

Hackers Shifting DDoS Attacks to VPS Infrastructure for Increased Power

Cloudflare released a threat report for DDoS of Q1 2023, showing that cyber threat actors use VPS-based attack vectors instead of compromised IoT (Internet of Things) devices.

DDoS is an abbreviation for Distributed Denial of Service attack in which threat actors send multiple requests that a web server cannot handle, making the server unavailable for usage.

2023 started with attack campaigns targeting banks, airports, healthcare, and universities. Pro-Russian Telegram-organised groups mainly conducted these attacks, like Killnet and AnonymousSudan.

Other threat actors who perform hyper-volumetric DDoS attacks are on the rise, with one of the attacks ranging to a maximum of 71 Million requests per second which is higher than Google’s highest recorded request of 46 million. However, Neither Killnet nor AnonymousSudan was responsible for this hyper-volumetric attack.

Cloudflare requested organizations to take preventive measures to protect their businesses from threat actors. Another powerful attack that Cloudflare handled and mitigated was an attack on a South American Telecommunications provider.

The attack reached a maximum of 1.3 Tbps (Terabits per second) which did not last more than a minute. The attack analysis showed traffic originating from the US, Brazil, Japan, Hong Kong, and India as a multi-vector attack involving DNS and UDP traffic. 

As per Cloudflare reports, further analysis of the attack revealed that it was part of a broader campaign that includes multiple Terabit-strong attacks from a 20,000-strong Mirai-Variant botnet.

VPS for Increased Power

Older methods of DDoS involved using a large number of botnets that are usually IoT devices like security cameras or other small devices.

This usually accounts for hundreds of thousands or millions of devices which is enough to disrupt their targets. However, these devices must be exploitable to craft the attack.

Modern DDoS attacks use virtual private servers that amount to just a fraction of the devices used in the older methods. These servers are powerful to generate multiple requests, allowing attackers to conduct a DDoS attack much simpler and more efficiently.

Virtual Private Servers were introduced to help businesses create high-performance applications, which are now a haven for cyber threat actors.

Threat actors gain access to these vulnerable servers and pivot their way into management consoles using leaked API credentials. 

As per reports from Cloudflare, “Cloudflare has been working with key cloud computing providers to crack down on these VPS-based botnets. Substantial portions of such botnets have been disabled thanks to the cloud computing providers’ rapid response and diligence. Since then, we have yet to see additional hyper-volumetric attacks — a testament to the fruitful collaboration“.

Furthermore, the reports said 16% of their surveyed customers had faced a Ransom DDoS attack which seems to be low. However, this accounts for a 60% increase compared to previous reports.

Two majorly targeted industries were Broadcast media and Non-profit organizations. Also, Finland has the highest traffic from which HTTP DDoS attacks originated, and Israel was the most targeted country. 

Cyber attacks above 100 Gbps have increased by 6% Quarter on Quarter. DNS-based attacks became the most popular. Cloudflare has released a complete analysis of the Q1 2023 DDoS attack vector.

Cloud computing has become increasingly demanding for all businesses, and most are migrating to cloud environments. Unfortunately, threat actors are also rising since technological advancements create additional space for attackers to conduct malicious activities.

Struggling to Apply The Security Patch in Your System? – 

Related Coverage:


Latest articles

Threat Actor Claiming a 0-day in Linux LPE Via GRUB bootloader

A new threat actor has emerged, claiming a zero-day vulnerability in the Linux GRUB...

LockBit Ransomware Group Claims Hack of US Federal Reserve

The notorious LockBit ransomware group has claimed responsibility for hacking the U.S. Federal Reserve,...

Microsoft Power BI Vulnerability Let Attackers Access Organizations Sensitive Data

A vulnerability in Microsoft Power BI allows unauthorized users to access sensitive data underlying...

Consulting Companies to Pay $11 Million Failing Cybersecurity Requirements

Two consulting companies, Guidehouse Inc. and Nan McKay and Associates, have agreed to pay...

New RAT Malware SneakyChef & SugarGhost Attack Windows Systems

Talos Intelligence has uncovered a sophisticated cyber campaign attributed to the threat actor SneakyChef....

Chinese Winnti Group Intensifies Financially Motivated Attacks

Hackers are increasingly executing financially motivated attacks and all due to the lucrative potential...

PrestaShop Website Under Injection Attack Via Facebook Module

A critical vulnerability has been discovered in the "Facebook" module (pkfacebook) from for...
Guru baran
Guru baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles