
The next major DDoS battleground: DNSSEC a 'significant new risk'

21 Mar 2018

Distributed denial-of-service (DDoS) attacks that use amplification to increase their severity grew 110% in the fourth quarter of 2017 compared to the same quarter in 2016.

Nexusguard’s Q4 2017 Threat Report says that Domain Name System Security Extensions (DNSSEC) are to blame for the massive increase.

Although DNSSEC tools are designed to add integrity and security to the DNS protocol, they can be a ‘significant new risk’ if they are not properly configured.

Attackers can single out DNSSEC-enabled servers as reflectors for amplification attacks because of the large responses those servers generate.

Nexusguard explains how a DNSSEC attack works:

“The extra security DNSSEC provided relies on resource-intensive data verification using public keys and digital signatures. Consequently, the size of DNS response packets becomes significantly larger than the original queries, which drastically increases the computational load on DNS servers as well as query response times.”

“The extra workload translates into an ‘amplification factor’ that attackers leverage to generate DNS amplification attacks. To measure the potential amplitude of an amplification factor, we sent queries with a packet size of 81 bytes to activum.nu. The nameserver responded at 6,156 bytes, approximately 76 times the packet size of the original queries.”

The overall number of DDoS attacks dropped 12%; however, Nexusguard warns that DNSSEC attacks may spawn a new class of powerful botnets.

"Enterprises have worked hard to patch against snooping, hijacking and other DNS abuses; however, improperly configured DNSSEC-enabled nameservers may be a new plague for unprepared teams," comments Nexusguard chief technology officer Juniman Kasman.

"Admins and IT teams need to check security for the entire network, as well as correctly configure DNSSEC on the domain to properly harden servers against these new attacks."

Attackers are also using multi-vector attacks that include a mix of Network Time Protocol (NTP), User Datagram Protocol (UDP), DNS and other vectors.

DNS amplification, UDP, and IP fragmentation were the top three attack vectors in the quarter, at 16.10%, 15.31%, and 12.18% respectively.

The report says that more than 56% of attacks exploit multi-vector combinations.

The report also found that China and the United States continue to reign as the two top DDoS attack source countries in Q4. China accounted for 21.8% of all attacks. South Korea climbed to third place and accounted for almost 6% of global attacks.

In APAC, the top 10 DDoS attack source countries include China; South Korea; Vietnam; India; Thailand; Indonesia; Taiwan; Hong Kong; Nepal; and Singapore.

Globally, 49.3% of attacks ranged between 1Gbps and 10Gbps. 20.8% of attacks were more than 10Gbps. The largest attack in Q4 measured 231.32Gbps.

69% of global attacks lasted less than 90 minutes. These attacks occurred during peak operation hours, resulting in service downtime for affected businesses. The longest attack lasted 1,200 minutes.
