A10 Networks tracked nearly six million DDoS weapons in Q4 2019. Here’s what they discovered about the threats targeting companies today.
A10 Networks, a provider of intelligent and automated cybersecurity solutions, has announced the release of its research carried out into DDoS weapons and attack vendors. The research revealed that SNMP and SSDP remain the top sources for DDoS attacks, but they tracked nearly 800,000 WS-Discovery sources for exposed reflection amplification as well.
The report revealed 1,390,505 SNMP weapons and 1,196,798 SSDP weapons were tracked, while 781,147 WS-Discovery weapons, 661,810 TFTP weapons and 389,956 DNS Resolver weapons were tracked.
DDoS-for-hire services and other attackers continually scan for fresh TCP and UDP services to exploit, while the top countries hosting DDoS weapons align closely with the top ASNs where they connect. The top countries were China with 739,223 DDoS weapons, the USA with 448,169, the Republic of Korea with 440,185, India with 268,864, Russia with 253,609 and Taiwan with 199,656 DDoS weapons.
The research also revealed that China hosts nearly a quarter of observed DDoS botnet agents (24%), with Brazil next with 9%, Iran with 6%, Taiwan with 4% and Thailand with 4%.
Attacking drones are most often seen in Brazil followed by Thailand, Hong Kong, India and Russia.
Connected devices are expanding exponentially and they offer fertile ground for DDoS botnets. 5G will supercharge that growth. The Mirai malware family leads the pack so far.
With reflected ampliﬁcation, attackers exploit UDP-based protocols to launch the largest DDoS attacks ever seen. The top reflected amplification protocols were SNMP, SSDP, WS-Discovery, TFTP and DNS Resolver. The countries of origin for SNMP were USA, Republic of Korea, India, Brazil and Japan, while for SSDP the countries of origin were China, Republic of Korea, Venezuela, Taiwan and Japan.
Attackers are flocking to internet-exposed IoT devices running the UDP-based WS-Discovery protocol to launch ampliﬁed reflection DDoS attacks.
But less than half of WS-Directory attacks respond on port 3702 – 54% use high ports.
A10 Networks say that sophisticated DDoS threat intelligence, real-time threat detection and automated signature extraction can help protect your organisation against even the largest DDoS attacks.