
4/24/2015
12:00 AM
Dark Reading

Report: IoT-Connected Devices Leading to Rise in SSDP-based Reflection Attacks

NSFOCUS Report States Online Gaming and Entertainment Sectors Continue to be High on the Target List and Attackers Are Becoming More Sophisticated

SAN FRANCISCO – April 21, 2015 (RSA, Moscone Center, Booth #832) – NSFOCUS released its bi-annual DDoS Threat Report today, revealing new attack findings and rising threats that organizations should be aware of throughout 2015. As the tide of distributed denial-of-service (DDoS) attacks continues to expand, the rise of the Internet of Things (IoT) and the influx of network-connected devices, such as webcams and routers, are leading to the growth of Simple Service Discovery Protocol (SSDP)-based amplification attacks. To download the entire report, visit http://www.nsfocus.com/2015/SecurityReport_0416/196.html

KEY FINDINGS:

Results of statistical analysis and key observations are based on data from actual incidents of DDoS attacks that occurred during the second half of 2014. This data was collected from a mix of global enterprises, Internet service providers, regional telecom operators and Internet hosting companies.

  • The rise of IoT-connected devices responsible for an increase in SSDP reflection attacks: With the proliferation of the Internet of Things, any network-connected device with a public IP address and vulnerable operating system will increase the number of devices that could be used to launch SSDP-based reflection type attacks. This particular type of DDoS attack was seen as the second most dominant threat, after NTP-based attacks, in 2H 2014. More than 30 percent of compromised SSDP attack devices were network-connected devices such as home routers and webcams. Findings also revealed that globally, more than 7 million SSDP devices could potentially be exploited.

  • Attackers are becoming smarter: While 90 percent of DDoS attacks lasted less than 30 minutes, one attack lasted 70 hours. This shorter attack strategy is being employed to improve efficiency as well as distract the attention of IT personnel away from the actual intent of an attack: deploy malware and steal data. These techniques indicate that today’s attacker continues to become smarter and more sophisticated.
  • Online retailers, media and gaming remain top targets: As retailers, entertainment and gaming companies increasingly employ online environments, consumers demand the highest level of quality of service. By slowing down or flooding these servers, attackers look to take advantage of online businesses through a variety of means, including blackmail, unfair business competition or asset theft.

Yonggang Han, COO of global business, NSFOCUS, said:

“We are watching the evolution of attack technologies that amount to nothing less than ‘bullying’ (flood attacks) and ‘leveraging’ (resource exhaustion) tactics that enhance the impact by exploiting network bandwidth. To counteract these assaults, organizations must look to traffic-cleaning devices in conjunction with other security protocols.”

Visit us at RSA2015, April 20-23 – South Hall, Booth #832

About NSFOCUS

NSFOCUS is a global provider of distributed denial of service (DDoS) mitigation solutions. Founded in 2000, the company provides enterprise-level, carrier-grade solutions for DDoS mitigation, Web security and enterprise-level network security. With more than a decade of experience in DDoS research and development and mitigation, NSFOCUS has helped customers around the world maintain high levels of Internet security, website uptime and business operations to ensure that their online systems remain available. The NSFOCUS Anti-DDoS System (ADS) empowers customers to find and fend off a variety of incidents, from simple network layer attacks to more sophisticated and potentially damaging application-layer attacks, all while guaranteeing legitimate traffic gets through to networks and corporate-critical systems. For more information, visit www.nsfocus.com.

 
