The report claims that the majority of network DDoS attacks rely on multi-vector offensive tactics as it increases the attacker’s chance of success by targeting several different networking or infrastructure resources. Furthermore, in the last 90 days, 81 per cent of all network attacks employed at least two different attack methods, with almost 39 per cent using three or more different attack methods simultaneously.
Combinations of offensive techniques are also being used to create “smokescreen” effects, where one attack is used to create noise, diverting attention from another attack vector.
Moreover, multi-vector methods enable attackers to exploit holes in a target’s security perimeter, causing conflicts in automated security rules and spreading confusion among human operators. Multi-vector attacks can also be used to gather the information needed to allow future attacks to weave their way past the defender’s layers of security.
The multi-vector approach, which is already used by the vast majority of all network attacks, is a clear indication of attackers’ familiarity with current DDoS protection methods and the ways in which these methods can be bypassed and overcome. This fact is also highlighted by their “weapons of choice”: i.e., large SYN floods, NTP Amplification and DNS Amplification.
Based on average data from the last 90 days, the most common network attack method was a combination of two types of SYN flood attacks – one using regular SYN packets and another using large SYN (above 250 bytes) packets.
In this scenario, both attacks are executed at the same time, with the regular SYN packets used to exhaust server resources (e.g., CPU) and large SYN packets used to cause network saturation.
Today, SYN combo attacks account for 75 per cent of all large scale network DDoS events (attacks peaking above 20Gbps). Overall, large SYN attacks are also the single most commonly used attack vector, accounting for 26 per cent of all network DDoS events.
During January and February of 2014, however, a significant increase in the number of NTP Amplification attacks was noted. In fact, this reached the point where, in February, NTP Amplification attacks became the most commonly used attack vector for large scale network DDoS attacks.
Share this story