A security report reveals that the number of DNS Amplification attacks done in the first quarter (Q1) of 2018 have doubled. By definition they are a type of DDOS (Distributed denial of service) attacks which are among the most common hacking tactics. The end goals are to sabotage the targets by rendering the servers inaccessible.
DNS Amplifications Attacks Rampage! Number of Reported Incidents Doubled
Security reports indicate that the number of DNS amplification attacks have doubled in the first three months of 2018 (Q1). This shows that the hackers have shifted tactics by preferring this method over others. The published information reveals that they have spiked nearly 700% year-over-year. The attacks are being done by accessing the open DNS servers to flood the target systems with response traffic. This is done by following these preset steps:
- Target Selection — The hackers pinpoint their targets by finding out their associated DNS servers.
- Packets Creation — After the criminals have selected their targets they begin to send lookup requests with spoofed source addresses. As a result the servers start to send out responses to another server. The attackers aim to include as much information as possible.
- DNS Amplification — The attacks are orchestrated as soon as the servers start to generate the associated responses to the end victims. The analysis team reports that in the majority of cases the requests to the DNS servers use the “ANY” parameters which returns all known information about the DNS zones in a single request. As a result the large amount of generated data that is fed to the victim end targets can easily take them down.
The DNS amplification attacks are easily orchestrated over hacker tactics such as botnets. In such cases it is very difficult (Read more...)
*** This is a Security Bloggers Network syndicated blog from How to, Technology and PC Security Forum authored by Martin Beltov. Read the original post at: https://sensorstechforum.com/growth-dns-amplification-attacks-q1-2018/