
Akamai discovers new DDoS threats, issues medium risk level

07 Jun 2016

A potentially malicious DDoS vulnerability has been discovered by Akamai's Security Intelligence Response team.

The DDoS amplification attack takes advantage of TFTP (Trivial File Transfer Protocol), a method of installing operating systems across a network in a specialised carrier, often called 'headless installations'.

These installations are not typically internet-based, but LAN-based. TFTP is used to update devices with software updates and OS configurations when they are first set up on the network. However, a minority of LAN servers have access to the internet, and this has been the starting point for the cyber attacks.

The attack start time also coincided with the release of research about TFTP done by Edinburgh Napier University. As at April 20, 2016, Akamai had 'mitigated' ten attacks that had been used in the same way.

Akamai says the attacks were multi-vector attacks that included TFTP reflection, which may mean at least one site is using DDoS as a service.

Akamai says that TFTP alone has produced an attack of 1.2Gbps, but multi-vector attacks have produced attacks at 44Gbps. Akamai says that attacks are small and originating from Asia as well as Europe. The TFTP attacks are also limited because they can only deliver files to a small number of hosts at any one time.

Attacks may include 'out of memory' signatures, which Akamai says alludes to "TFTP servers not being able to handle the rapid fire queries sent by the TFTP flood attack tool".

Akamai advises threat prevention and mitigation. TFTP server hosts should analyse whether UDP port 69 should have access to the internet. If it is necessary, use firewalls and allow only trusted access. Use SNORT or another IDS to detect network server abuse.
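
The detection advice above can be illustrated with a short added example (not Akamai's code and not a Snort rule). It parses TFTP read requests as defined in RFC 1350 and flags requests to UDP port 69 from outside a trusted network, escalating when one source sends a rapid burst. The trusted network, threshold, window and sample traffic are constructed assumptions.

```python
import ipaddress
import struct
from collections import defaultdict, deque

TFTP_PORT = 69
OP_RRQ = 1  # RFC 1350 opcode for a read request

def parse_rrq(payload: bytes):
    """Return (filename, mode) for a well-formed TFTP RRQ, else None."""
    if len(payload) < 4 or struct.unpack("!H", payload[:2])[0] != OP_RRQ:
        return None
    parts = payload[2:].split(b"\x00")  # filename NUL mode NUL [options]
    if len(parts) < 3 or not parts[0] or not parts[1]:
        return None
    return (parts[0].decode("ascii", "replace"),
            parts[1].decode("ascii", "replace").lower())

def detect(events, trusted_nets, max_rrq=5, window=1.0):
    """events: time-ordered (timestamp, src_ip, dst_port, udp_payload) tuples.
    Returns {src_ip: "untrusted-source" | "rrq-flood"}."""
    trusted = [ipaddress.ip_network(n) for n in trusted_nets]
    recent = defaultdict(deque)  # src_ip -> timestamps inside the window
    alerts = {}
    for ts, src, dport, payload in events:
        if dport != TFTP_PORT or parse_rrq(payload) is None:
            continue
        if any(ipaddress.ip_address(src) in net for net in trusted):
            continue  # expected LAN installation traffic
        # With reflection the source address is likely spoofed, so the
        # flagged address is the probable victim, not the sender.
        alerts.setdefault(src, "untrusted-source")
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) > max_rrq:
            alerts[src] = "rrq-flood"
    return alerts

# Constructed sample traffic (documentation address ranges, not real data).
RRQ = b"\x00\x01pxelinux.0\x00octet\x00"
SAMPLE = (
    [(0.0, "10.0.0.15", 69, RRQ)]                                      # LAN client
    + [(1.0 + i * 0.05, "198.51.100.7", 69, RRQ) for i in range(8)]   # burst
    + [(2.0, "192.0.2.44", 69, RRQ),                # single off-LAN request
       (2.1, "192.0.2.9", 69, b"\x00\x04\x00\x01"),  # ACK, not an RRQ
       (2.2, "192.0.2.9", 53, RRQ)]                  # wrong port
)

if __name__ == "__main__":
    for src, kind in detect(SAMPLE, ["10.0.0.0/24"]).items():
        print(f"{kind}: {src}")
```

Any alert from this check also answers the first question in the advice: the server's UDP port 69 is reachable from outside the trusted network.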

More details about the attack will be in Akamai's State of the Internet report, due to be released in early June.
