Distributed Denial-of-Service attacks (DDoS) are one of the oldest, most widespread, and maybe even the simplest types of cyberattacks used by cybercriminals to disrupt the functionality of websites or computer systems. Perhaps this is the reason they are still in use today, despite the emergence of new cyberattack strategies as well as the evolution of many traditional ones.
DDoS attacks are also evolving continuously, and we have recently witnessed four new examples of this. At the end of July, the FBI warned that cybercriminals were abusing new network protocols, exploiting vulnerabilities to launch denial-of-service attacks against companies and other organizations. Specifically, the warning covered three protocols (CoAP, WS-DD, ARMS) and a Web application (Jenkins), some of which had previously been used as a vector for such attacks.
How the attack vectors work
So how do these attack vectors work? Each has its own specific characteristics and, consequently, its own vulnerabilities and means of exploiting them:
The Constrained Application Protocol (CoAP) is a common protocol on the Internet of Things (IoT), as it enables secure connections on these devices (similar to HTTPS on Web pages). In December 2018, cybercriminals abused the protocol's multicast and command transmission features, exploiting, among other things, the fact that it runs over UDP: this let attackers spoof the IP addresses of victims and amplify attacks by a factor of 34.
The Web Services Dynamic Discovery (WS-DD) protocol is also common on the IoT, as it enables users to find nearby devices to connect with. In fact, according to ZDNet, in August last year there were around 630,000 Internet-connected IoT devices using the protocol. This was the vector cybercriminals chose to launch nearly 130 denial-of-service attacks between May and August, some of which reached speeds of up to 350 Gbps. To further complicate things, WS-DD also uses UDP, so the attackers managed to crash systems by having victims' devices make an unmanageable number of connections.
Many companies and large institutions (especially universities) will be familiar with Apple Remote Desktop (ARD), a feature that allows Mac users to connect to their computers remotely. In this case the vulnerability resided in one of its tools, the Apple Remote Management Service (ARMS), which in October 2019 allowed attackers to send multiple commands to port 3283, again causing systems to crash.
Jenkins is the only vector that is not a protocol and, for the time being at least, the one that has registered the least activity targeting its vulnerabilities. It is widely used by software developers, as this open-source server enables the automation of software development. In February this year, however, UK researchers uncovered a vulnerability in its network protocols that could aid cybercriminals launching DDoS attacks, as vulnerable servers would enable amplification of traffic by a factor of up to 100.
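The common thread in the three UDP vectors above is reflection: a small request carrying the victim's spoofed source address makes a device on your network send a much larger reply to that victim. The following detection logic, added here as an illustration and not taken from the article or from any vendor product, runs over constructed flow records and flags local hosts whose reflector-port replies dwarf the requests they received. Port 3283 (ARMS) is the one the article names; 5683 (CoAP) and 3702 (WS-Discovery) are the IANA-registered ports for those protocols, and the "10.0.0." local prefix is an assumption for the sample.

```python
from collections import defaultdict

# UDP service ports associated with the reflection vectors described above.
# 3283 (ARMS) is named in the article; 5683 and 3702 are the IANA ports for
# CoAP and WS-Discovery respectively.
REFLECTOR_PORTS = {5683: "CoAP", 3702: "WS-DD", 3283: "ARMS"}
LOCAL_PREFIX = "10.0.0."  # assumption: addresses we consider "our" hosts

# Constructed sample flow records (proto, src_ip, src_port, dst_ip, dst_port,
# bytes), modelled on a flow exporter's output; not from the article.
SAMPLE_FLOWS = [
    ("udp", "198.51.100.7", 40001, "10.0.0.5", 5683, 60),    # tiny spoofed CoAP request
    ("udp", "10.0.0.5", 5683, "198.51.100.7", 40001, 2040),  # large reply aimed at victim
    ("udp", "198.51.100.7", 40002, "10.0.0.5", 5683, 60),
    ("udp", "10.0.0.5", 5683, "198.51.100.7", 40002, 2040),
    ("udp", "10.0.0.8", 3283, "198.51.100.7", 5555, 1024),   # ARMS replies, no request seen
    ("udp", "192.0.2.20", 51000, "10.0.0.9", 3702, 120),     # ordinary WS-DD probe...
    ("udp", "10.0.0.9", 3702, "192.0.2.20", 51000, 180),     # ...and a modest reply
    ("tcp", "10.0.0.5", 443, "192.0.2.20", 51001, 9000),     # TCP, not a reflection vector
]


def is_local(ip):
    return ip.startswith(LOCAL_PREFIX)


def find_reflection(flows, min_ratio=10.0):
    """Group UDP flows by (local host, service, remote peer) and compare the bytes
    the service sent to that peer with the bytes it received from it.  A local
    service sending far more to a peer than it gets back behaves like an
    amplifier pointed at that peer (the spoofed 'requester' is the real victim).
    Returns {(host, service, peer): (bytes_in, bytes_out, ratio)} for ratio >= min_ratio.
    """
    stats = defaultdict(lambda: [0, 0])
    for proto, sip, sport, dip, dport, nbytes in flows:
        if proto != "udp":
            continue
        if is_local(dip) and dport in REFLECTOR_PORTS and not is_local(sip):
            stats[(dip, REFLECTOR_PORTS[dport], sip)][0] += nbytes  # request in
        elif is_local(sip) and sport in REFLECTOR_PORTS and not is_local(dip):
            stats[(sip, REFLECTOR_PORTS[sport], dip)][1] += nbytes  # reply out
    report = {}
    for key, (bytes_in, bytes_out) in stats.items():
        ratio = bytes_out / bytes_in if bytes_in else float("inf")
        if ratio >= min_ratio:
            report[key] = (bytes_in, bytes_out, ratio)
    return report


if __name__ == "__main__":
    for (host, svc, peer), (i, o, r) in sorted(find_reflection(SAMPLE_FLOWS).items()):
        print(f"{host} {svc}: {i} B in, {o} B out to {peer} (x{r:.0f})")
```

Replies with no matching inbound request (the ARMS host above) are reported with an infinite ratio, which is the signature to expect when the spoofed requests enter through a path your exporter does not see.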
How to prevent these attacks
The FBI has highlighted two negative factors. Firstly, as these DDoS attack vectors have been discovered only recently, it does not consider it likely that vendors will remove or disable these vulnerabilities, even though they affect components that are essential to the operation of each device.
Secondly, the law enforcement agency is not optimistic about the prospects going forward: “In the near term, cyber actors likely will exploit the growing number of devices with built-in network protocols enabled by default to create large-scale botnets capable of facilitating devastating DDoS attacks”.
Companies and organizations wanting to protect themselves against such potential security flaws should therefore ensure that their devices are secured against vulnerabilities and their exploitation by cybercriminals. To this end, Cytomic Patch identifies and deals with vulnerabilities in operating systems and hundreds of common applications in enterprise environments in real time, providing centralized patching from the Cytomic cloud console. What's more, the Cytomic Ionic and Cytomic Covalent solutions provide features that include isolating out-of-date computers to mitigate any risks.
The problem with recently discovered vulnerabilities is not just that they are exploited rapidly and on an ever-growing scale, but that the developers of affected devices are often not quick enough to fix them. It is therefore essential that organizations take control and protect their IT systems properly and appropriately.