DDoS attacks in Q4 2020

[harlan4096]

News overview

Cybercriminals are constantly on the lookout for means and methods to make attacks more destructive. In Q4 2020, Citrix ADC (application delivery controller) devices became one such tool, when perpetrators abused their DTLS interface. The DTLS (Datagram Transport Layer Security) protocol is used to establish secure connections over UDP, through which most DNS queries, as well as audio and video traffic, are sent. To amplify the attack, the attackers sent requests to devices with the DTLS interface enabled, spoofing victims’ IP addresses. Consequently, the victims received reply packets several times larger in size. In the case of Citrix devices, the amount of junk traffic could increase by up to 36 times. After the attacks came to light, the manufacturer promptly released a firmware update for configuring verification of incoming requests. For those who do not use DTLS, it is recommended to simply disable this protocol.

Another notable attack in December targeted the website Bitcoin.org, which hosts Bitcoin Core, one of the most widely used software versions of bitcoin. While
the resource was down, cryptocurrency newbies were invited to download a copy of Bitcoin Core via a torrenting service. Most likely, the attack is related to the bitcoin price, which has steadily risen over the past quarter. According to one of the developers behind Bitcoin.org, the site is always hit whenever bitcoin is on the up.

Overall, Q4 remained within the parameters of 2020 trends. Cybercriminals used the names of well-known APT groups to intimidate victims, demanded ransoms in cryptocurrency, and carried out demonstration attacks to back up their threats. Extortionists’ activity regularly made the news throughout 2020. In October, telecommunications firm Telenor Norway was another to fall victim.

Since the transition of schools and universities to remote learning, cybercriminals have tried to disrupt classes by flooding educational platforms with garbage traffic. This trend continued in the last months of 2020. In October, schools in Sandwich and Tyngsboro, Massachusetts, suffered network outages. In both cases, the institutions initially put the incident down to technical failure, and only later discovered the attack. In December, Canada’s Laurentian University reported a DDoS attack. But it dealt with the problem in a matter of minutes. Still, such attacks by year’s end were serious enough for the FBI to flag them in its December advisory as a major threat to teaching facilities. Educational institutions are recommended to use anti-DDoS solutions and strong firewall settings, and partner up with ISPs.

Gaming platforms didn’t escape cybercriminal attention either. According to ZDNet, Xbox and Steam were the targets of amplification attacks through Citrix devices. In early October, a DDoS attack was reported by the PUBG Mobile team.

https://twitter.com/PUBGMOBILE/status/13...wcon%5Es1_&ref_url=https%3A%2F%2Fsecurelist.com%2Fddos-attacks-in-q4-2020%2F100650%2F

And Blizzard’s European servers were hit by threat actors twice in the quarter.

https://twitter.com/BlizzardCSEU_EN/stat...wcon%5Es1_&ref_url=https%3A%2F%2Fsecurelist.com%2Fddos-attacks-in-q4-2020%2F100650%2F

In late December, several dozen top streamers planned to celebrate the end of 2020 playing through Rust all on the same server. The show failed at the first attempt, apparently due to a DDoS attack, although there is no reliable data on this. Given the hype surrounding the event, it may have been caused by an influx of fans tuning in. In 2020, when much of life shifted online, internet resources repeatedly suffered from surges in totally legitimate activity.

As for the fightback, the most notable Q4 event was the conviction of a former Apophis Squad member responsible for a string of DDoS attacks, including for ransom, as well as for disrupting school classes worldwide through fake bomb alerts, and for storing child pornography. For his efforts, the perpetrator was sentenced to eight years in prison.

The resistance against individual attack vectors also continues. The Internet Engineering Task Force (IETF) published a proposal for Network Time Security (NTS), a secure standard for data transmission over the Network Time Protocol (NTP), which is used to synchronize time across a network. The document addresses, in particular, the problem of DDoS amplification through this protocol and prohibits the sending, in response to a request, of data packets larger than the request packet.

Quarter and year trends

This time, our forecasts came true exactly 50%: as expected, in Q4 2020 we observed indicators comparable to those for the same period in 2019, and even slightly higher. However, growth relative to Q3 2020, which we predicted as a possible alternative, did not occur. On the contrary, the total number of attacks fell by about 30%, and smart attacks by 10%.
...

Continue Reading