Hackers Shifting DDoS Attacks to VPS Infrastructure for Increased Power

Cloudflare released a threat report for DDoS of Q1 2023, showing that cyber threat actors use VPS-based attack vectors instead of compromised IoT (Internet of Things) devices.

DDoS is an abbreviation for Distributed Denial of Service attack in which threat actors send multiple requests that a web server cannot handle, making the server unavailable for usage.

2023 started with attack campaigns targeting banks, airports, healthcare, and universities. Pro-Russian Telegram-organised groups mainly conducted these attacks, like Killnet and AnonymousSudan.

Other threat actors who perform hyper-volumetric DDoS attacks are on the rise, with one of the attacks ranging to a maximum of 71 Million requests per second which is higher than Google’s highest recorded request of 46 million. However, Neither Killnet nor AnonymousSudan was responsible for this hyper-volumetric attack.

Cloudflare requested organizations to take preventive measures to protect their businesses from threat actors. Another powerful attack that Cloudflare handled and mitigated was an attack on a South American Telecommunications provider.

The attack reached a maximum of 1.3 Tbps (Terabits per second) which did not last more than a minute. The attack analysis showed traffic originating from the US, Brazil, Japan, Hong Kong, and India as a multi-vector attack involving DNS and UDP traffic. 

As per Cloudflare reports, further analysis of the attack revealed that it was part of a broader campaign that includes multiple Terabit-strong attacks from a 20,000-strong Mirai-Variant botnet.

VPS for Increased Power

Older methods of DDoS involved using a large number of botnets that are usually IoT devices like security cameras or other small devices.

This usually accounts for hundreds of thousands or millions of devices which is enough to disrupt their targets. However, these devices must be exploitable to craft the attack.

Modern DDoS attacks use virtual private servers that amount to just a fraction of the devices used in the older methods. These servers are powerful to generate multiple requests, allowing attackers to conduct a DDoS attack much simpler and more efficiently.

Virtual Private Servers were introduced to help businesses create high-performance applications, which are now a haven for cyber threat actors.

Threat actors gain access to these vulnerable servers and pivot their way into management consoles using leaked API credentials. 

As per reports from Cloudflare, “Cloudflare has been working with key cloud computing providers to crack down on these VPS-based botnets. Substantial portions of such botnets have been disabled thanks to the cloud computing providers’ rapid response and diligence. Since then, we have yet to see additional hyper-volumetric attacks — a testament to the fruitful collaboration“.

Furthermore, the reports said 16% of their surveyed customers had faced a Ransom DDoS attack which seems to be low. However, this accounts for a 60% increase compared to previous reports.

Two majorly targeted industries were Broadcast media and Non-profit organizations. Also, Finland has the highest traffic from which HTTP DDoS attacks originated, and Israel was the most targeted country. 

Cyber attacks above 100 Gbps have increased by 6% Quarter on Quarter. DNS-based attacks became the most popular. Cloudflare has released a complete analysis of the Q1 2023 DDoS attack vector.

Cloud computing has become increasingly demanding for all businesses, and most are migrating to cloud environments. Unfortunately, threat actors are also rising since technological advancements create additional space for attackers to conduct malicious activities.

Struggling to Apply The Security Patch in Your System? – 

Related Coverage:

Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Recent Posts

LightSpy iOS Malware Enhanced with 28 New Destructive Plugins

The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS devices.…

1 day ago

ATPC Cyber Forum to Focus on Next Generation Cybersecurity and Artificial Intelligence Issues

White House National Cyber Director, CEOs, Key Financial Services Companies, Congressional and Executive Branch Experts…

3 days ago

New PySilon RAT Abusing Discord Platform to Maintain Persistence

Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan exploits…

3 days ago

Konni APT Hackers Attacking Organizations with New Spear-Phishing Tactics

The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on organizations…

3 days ago

Google Chrome Security, Critical Vulnerabilities Patched

Google has updated its Chrome browser, addressing critical vulnerabilities that posed potential risks to millions…

3 days ago

Notorious WrnRAT Delivered Mimic As Gambling Games

WrnRAT is a new malware attack that cybercriminals have deployed by using popular gambling games…

4 days ago