DNS amplification attacks continue to increase in number, growing 4,788% over Q3 2018, according to Nexusguard´s Q3 2019 Threat Report, the company said .
DNSSEC (Domain Name System Security Extensions) remains the main driver of growth of DNS amplification attacks in the quarter, yet Nexusguard analysts have detected a sharp and concerning rise in TCP SYN Flood attacks. TCP SYN Flood is not a new method, but findings indicate that techniques have grown in sophistication and have emerged as the third most used attack vector, behind DNS amplification and HTTP flood attacks.
Cyberattackers have long favored DDoS attacks that amplify damage beyond the resources required, but suitable reflectors or amplifiers are not as widely available for DNS amplification and memcached reflection attacks. In contrast, any server with an open TCP port is an ideal attack vector, and such reflectors are widely available and easy to access to cause SYN Flood reflection attacks.
Report findings also showed that 44% of Q3 attack traffic came from botnet-hijacked Windows OS computers and servers. The second largest source of traffic came from iOS-equipped mobile devices. The total number of attacks has mirrored patterns observed in 2019, with Q1 seeing the highest number attacks and numbers dropping over Q2 and Q3. While attack volume has decreased since Q2 2019, levels grew more than 85% compared to the same quarter last year. More than half of all global attacks originated in China, Turkey or the United States.
Founded in 2008, Nexusguard is a cloud-based distributed denial of service (DDoS) security solution provider fighting malicious Internet attacks. Nexusguard ensures uninterrupted Internet service, visibility, optimization and performance. Nexusguard is focused on developing and providing the best cybersecurity solution for every client across a range of industries with specific business and technical requirements. Visit www.nexusguard.com for more information.
