informa
5 min read
article

Neustar Security Services Report Highlights Shifts in Threat Landscape Amid Maturing Cybercrime Economy

Carpet bombing attacks increase sharply in 2021, along with complex multivector attacks.

Sterling, VA – Feb. 17, 2022 Neustar Security Services, a leading provider of cloud-oriented security services that enable global businesses to thrive online, has released its 2021 year-in-review “Cyber Threats & Trends Report: Defending Against A New Cybercrime Economy,” which details the ongoing rise in cyberattacks fielded by the company’s Security Operations Center (SOC) in 2021.

In 2021, the company’s SOC saw an unprecedented number of “carpet bombing” distributed denial of service (DDoS) attacks. Carpet bombing, in which a DDoS attack targets multiple IP addresses of an organization within a very short time, accounted for 44% of total attacks last year, but the disparity between the first and second half of 2021 was stark. While carpet bombing represented just over a third (34%) of total attacks mitigated by Neustar Security Services’ SOC in both Q1 and Q2, these attacks saw a big jump in the second half – representing 60% of all attacks in Q3, and 56% in Q4.

While the vast majority of attacks fell into the 25 gigabits per second (Gbps) and under size category, and the average attack was just 4.9 Gbps last year, 2021 saw many large-scale attacks as well. The largest measured 1.3 terabits per second (Tbps) and the most intense was 369 million packets per second (Mpps). The longest-lasting attack clocked in at 9 days, 22 hours and 42 minutes although the majority of attacks were over in minutes. Nearly 40% of the unique attacks seen by the SOC in 2021 took place in the first three months of the year. The number dropped significantly in the second and third quarters before rebounding in the fourth quarter.

A mix of new vectors and old favorites

Attacks varied more widely in complexity than what has been observed in the past few years. Single vector attacks represented 54% of attacks in 2021 compared to 5% in 2020, showing an economy of effort from many attackers. At the same time, the number of highly complex attacks using four or more vectors increased, reaching a record 4% of total attacks, so when an attacker gets serious, they can make it much more difficult on defenders.

Botnets continued to play a key role in DDoS attacks in 2021, with security professionals uncovering new botnets and command and control (C2) servers every day. One of the year’s highest-profile new botnets was Meris, which uses HTTP pipelining to overwhelm web applications by bombarding websites and applications with massive numbers of requests per second. The SOC also saw a high level of reflection/amplification DDoS attacks, using both familiar vectors such as DNS and Remote Desktop Protocol (RDP) and a variety of new ones as well.

The report also details how web applications are under assault on a number of different fronts. Attacks against web services have risen in tandem with increased adoption of web applications, and web apps are by far the top hacking vector in breaches.

Ubiquitous DNS attacks

The domain name system (DNS) has long been a popular target for DDoS attacks, both as an amplification vector and as a direct target, as well as for other types of exploits. Common threats to DNS include attacks that deliver a bad answer to DNS queries (DNS hijacking, for example), attacks that prevent the DNS from answering queries (flood attacks or reflection/amplification attacks) and attacks that use DNS as a transport mechanism to convey information through firewalls (DNS tunneling). These attacks can be difficult to defend against without the appropriate technology and expertise, and rectifying problems can be time-consuming and costly.

According to a September 2021 Neustar International Security Council report, 72% of organizations surveyed had experienced at least one DNS attack in the previous 12 months, and the impact was significant in 58% of cases. The most common types of DNS attacks were DNS hijacking (experienced by 47% of organizations in the past 12 months), followed closely by DNS flood, reflection/amplification or other type of DDoS attack (46%), DNS tunneling (35%) and cache poisoning (33%).

Recommended deterrents

What can enterprises do to protect themselves in this continually evolving security environment? Neustar Security Services recommends four key measures, as Carlos Morales, SVP, Solutions explains: “First, ensure that your DDoS defense is capable of managing the scale and complexity of the attack landscape and the protection includes your DNS infrastructure. Second, engage a vendor-neutral managed DNS service that can provide the deep expertise needed to ensure high performance and security. Third, with new vulnerabilities being discovered daily and limited resources to patch them all, you should consider virtual patching via your web application firewall (WAF), to prevent the exploitation of known vulnerabilities. Finally, consider a cloud-based WAF to augment your defenses against attacks on web apps, which remain the primary access point for data breaches.”

A copy of the Neustar Security Services report is available here.

About Neustar Security ServicesThe world’s top brands depend on Neustar Security Services to safeguard their digital infrastructure and online presence. Neustar Security Services offers a suite of cloud-delivered services that are secure, reliable, and available to enable global businesses to thrive online. The company’s Ultra Secure suite of solutions protects organizations’ networks and applications against risks and downtime,ensuring that businesses and their customers enjoy exceptional interactions all day, every day. Delivering the industry’s best performance service, Neustar Security Services’ mission-critical security portfolio provides best-in-class DNS, application and network security (including DDoS, WAF and bot management) and threat feed services to its Global 5000 customers and beyond. For more information, visit https://www.home.neustar/security-solutions.