Distributed Denial of Service (DDoS) attacks are a huge cybersecurity problem. And they’re only getting worse. According to Neustar’s May 2017 Worldwide DDoS Attacks & Cyber Insights Research Report, 84% of the 1,010 organizations surveyed suffered at least one significant DDoS attack in the past twelve months, up from 73% in 2016.
86% of the surveyed organizations reported multiple DDoS attacks in that time period. Compared to 2016, the 2017 report recorded twice as many DDoS attacks that used more than 50 Gbps of data. Chances are 2018 will be even worse.
Now, there’s news of a new type of DDoS attack. This attack method is designed to evade DDoS mitigation measures, making it a stealthier way to bring down targeted networks.
UPnP DDoS Attacks
Security researchers at Imperva have discovered a sneaky new way to perform a DDoS attack. They caught cyber attackers using it in the wild, and they’ve been able to replicate the attack themselves.
The Universal Plug and Play (UPnP) protocol is designed to facilitate device discovery over a network. It uses UDP port 1900 for discovery and can then use a TCP port for device control. UPnP is often used within LANs so that routers, printers, and client machines can discover each other and communicate. When implemented properly, this can make a network administrator’s job easier.
Unfortunately, UPnP has a number of well-known vulnerabilities. Default settings can leave UPnP open to external cyber attackers because the protocol lacks an authentication mechanism. There are also many remote code execution vulnerabilities that are specific to UPnP.
DDoS attacks in general are often mitigated by identifying particular source ports and blocking their traffic. But with the way that UPnP is designed, cyber attackers can easily mask the source port they’re exploiting. UPnP is made to forward ...
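The limitation of source-port filtering described above, as an added example that is not from the original post: a classifier that compares a source-port rule with a payload check over constructed datagrams. The payload heuristic (an HTTP-style discovery reply carrying ST and USN headers) is an assumption added here, not a mitigation the article names; the addresses, the non-1900 port and the sample reply are constructed.

```python
from dataclasses import dataclass

SSDP_PORT = 1900  # UDP discovery port named in the article


@dataclass
class UdpDatagram:
    src_ip: str
    src_port: int
    payload: bytes


# Constructed sample of a UPnP discovery reply (documentation address range).
SAMPLE_REPLY = (
    b"HTTP/1.1 200 OK\r\n"
    b"CACHE-CONTROL: max-age=120\r\n"
    b"ST: upnp:rootdevice\r\n"
    b"USN: uuid:00000000-0000-0000-0000-000000000000::upnp:rootdevice\r\n"
    b"LOCATION: http://192.0.2.10:49152/desc.xml\r\n\r\n"
)

# Constructed traffic: a reply from 1900, the same reply from another port,
# unrelated data from 1900, and unrelated data from another port.
SAMPLE_TRAFFIC = [
    UdpDatagram("192.0.2.10", SSDP_PORT, SAMPLE_REPLY),
    UdpDatagram("192.0.2.11", 40211, SAMPLE_REPLY),
    UdpDatagram("192.0.2.12", SSDP_PORT, b"\x00\x01not-a-discovery-reply"),
    UdpDatagram("198.51.100.7", 53, b"\x12\x34\x81\x80\x00\x01"),
]


def looks_like_ssdp_response(payload: bytes) -> bool:
    """Assumed heuristic: status line plus ST and USN headers."""
    head, _, _ = payload.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    if not lines[0].upper().startswith(b"HTTP/1.1 200"):
        return False
    names = {ln.split(b":", 1)[0].strip().upper() for ln in lines[1:] if b":" in ln}
    return {b"ST", b"USN"} <= names


def classify(d: UdpDatagram) -> str:
    by_port = d.src_port == SSDP_PORT
    by_payload = looks_like_ssdp_response(d.payload)
    if by_payload:
        return "ssdp" if by_port else "ssdp-masked-port"
    return "port-1900-other" if by_port else "other"


def missed_by_port_filter(traffic):
    """Discovery replies a rule blocking only source port 1900 would let through."""
    return [d for d in traffic if classify(d) == "ssdp-masked-port"]
```
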
*** This is a Security Bloggers Network syndicated blog from Cylance Blog authored by Kim Crawley. Read the original post at: https://threatvector.cylance.com/en_us/home/theres-a-new-type-of-ddos-attack-in-town.html