According to a recent Radware report, the global number of DDoS attacks increased by 150% and their volume by 32% between 2021 and 2022. Not only are DDoS attacks on the rise, they are as diverse as they are sophisticated. They are deployed as part of nation-state operations and cyber warfare strategies, used by hacktivists to draw attention to their political causes, and carefully disguised to fly under the radar, fooling even the largest cloud providers.
To make matters worse, attackers can wreak havoc with little or no knowledge of networks or of how cyberattacks work. A growing range of online marketplaces sells ready-made attack tools and DDoS-for-hire services, so the pool of people able to launch an attack is larger than ever.
As a result, it is more crucial than ever that an organization's mitigation solution provides comprehensive protection against a wide range of DDoS attacks.
Here are eight of the most common and sophisticated DDoS attacks companies should prepare to combat.
- Burst attacks and advanced persistent denial-of-service (APDoS) campaigns range from short bursts of high-volume traffic lasting 15-60 seconds at random intervals to campaigns that last for weeks, combine multiple vectors, and target all layers of the network simultaneously. They cause frequent interruptions in network performance and SLA breaches, preventing legitimate users from accessing services.
Because the attack vector can change from one burst to the next, static signatures must be constantly re-tuned, a process that is laborious at best and infeasible at worst. Defending against burst attacks requires behavior-based DDoS protection that learns a baseline of normal traffic and flags deviations from it, regardless of which vector is in use.
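The following is an added example, not code from the original article or from Radware. It illustrates the behavior-based approach on a constructed per-second request series: the baseline is an exponentially weighted moving average of the observed rate, and a second is flagged when the rate exceeds a multiple of that baseline. The detector never looks at the attack vector, so two bursts using different vectors are caught by the same rule, and samples flagged as anomalous are excluded from the baseline update so a long burst cannot train the baseline upward. The series, the vector names and the thresholds (`alpha`, `k`, `warmup`) are all assumptions made for the example.

```python
def constructed_series():
    """Constructed per-second sample (not real telemetry): roughly 100 req/s
    of baseline traffic, a 20 s burst using one vector at t=30 and a 15 s
    burst using a different vector at t=90. Each entry is (rate, vector)."""
    series = [(100 + (t % 7), "baseline") for t in range(150)]
    for t in range(30, 50):
        series[t] = (6000, "udp_fragment_flood")
    for t in range(90, 105):
        series[t] = (9000, "http_get_flood")
    return series


def detect_bursts(series, alpha=0.05, k=5.0, warmup=10):
    """Return a list of (start, end, vectors_seen) for every run of seconds
    whose rate exceeds k times the learned baseline.

    alpha  - EWMA smoothing factor for the baseline (assumed value)
    k      - multiple of the baseline that counts as a burst (assumed value)
    warmup - seconds to observe before alerting at all (assumed value)
    """
    baseline = None
    bursts, start, vectors = [], None, set()
    for t, (rate, vector) in enumerate(series):
        if baseline is None:
            baseline = float(rate)
            continue
        if t >= warmup and rate > k * baseline:
            # Inside a burst: record it but do NOT update the baseline, so
            # attack traffic cannot drag the "normal" level upward.
            if start is None:
                start = t
            vectors.add(vector)
            continue
        if start is not None:
            # Burst just ended; the vector used is only reported, never matched on.
            bursts.append((start, t - 1, vectors))
            start, vectors = None, set()
        baseline = alpha * rate + (1 - alpha) * baseline
    if start is not None:
        bursts.append((start, len(series) - 1, vectors))
    return bursts


def seconds_under_attack(bursts):
    """Total seconds covered by the detected bursts (for SLA reporting)."""
    return sum(end - start + 1 for start, end, _ in bursts)


if __name__ == "__main__":
    found = detect_bursts(constructed_series())
    for start, end, vectors in found:
        print(f"burst t={start}..{end} ({end - start + 1}s) via {sorted(vectors)}")
    print("seconds under attack:", seconds_under_attack(found))
```

In production the baseline would be kept per destination and per protocol, and the multiplier would be chosen from the observed variance rather than fixed, but the structure is the same: learn what normal looks like, alert on departures from it, and keep the attack out of the training data.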
- DNS attacks exploit weaknesses in the domain name system, a service that is often run by a third party and is therefore harder to protect than an organization's own assets. DNS attacks remain highly attractive to attackers because they require relatively few resources, can severely damage critical DNS infrastructure, and disrupt every customer that depends on it: when there is no DNS, there is no service. Sophisticated attackers take advantage of weaknesses in the DNS protocol to generate more powerful attacks, including DNS "water torture", in which a flood of queries for random, non-existent subdomains of the target zone bypasses resolver caches and exhausts the authoritative servers. Mitigating these attacks requires tools that learn the normal behavior of DNS traffic in depth.
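As an added example, not taken from the original article, the following detector looks for the water-torture pattern in a resolver's query log: a zone that suddenly receives many queries for never-seen, random-looking labels, almost all of which return NXDOMAIN, from many different resolver addresses. The log format (`<client> <qname> <qtype> <rcode>` per line) and the sample lines are constructed for the example; the thresholds and the character-entropy heuristic for "random-looking" labels are assumptions, not a vendor's algorithm.

```python
import math
import random
from collections import defaultdict


def constructed_log():
    """Constructed resolver log (not captured from a real server), one record
    per line: '<client> <qname> <qtype> <rcode>'. Legitimate lookups repeat a
    handful of names; the attack queries random 12-character labels under
    victim.example, so each one misses every cache and hits the authoritative
    server, which answers NXDOMAIN. The clients are the resolvers relaying
    the queries, which is where a water-torture flood is seen from."""
    rng = random.Random(7)  # fixed seed so the sample is reproducible
    alphabet = "abcdefghijklmnopqrstuvwxyz0123456789"
    legit = ["www.example.com", "mail.example.com", "api.example.com"]
    lines = [f"10.0.0.{i % 5 + 1} {legit[i % 3]} A NOERROR" for i in range(60)]
    for i in range(80):
        label = "".join(rng.choice(alphabet) for _ in range(12))
        lines.append(f"198.51.100.{i % 20 + 1} {label}.victim.example A NXDOMAIN")
    return "\n".join(lines)


def label_entropy(label):
    """Shannon entropy (bits per character) of a DNS label; random labels
    score high, dictionary words and short hostnames score low."""
    counts = defaultdict(int)
    for ch in label:
        counts[ch] += 1
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def analyse(log_text, min_queries=30, nx_ratio=0.5, random_ratio=0.5,
            min_len=8, min_entropy=2.5):
    """Return {zone: stats} for every zone that looks like a water-torture
    target. All threshold values are assumptions chosen for this example."""
    zones = defaultdict(lambda: {"queries": 0, "nxdomain": 0, "random": 0,
                                 "labels": set(), "clients": set()})
    for line in log_text.splitlines():
        client, qname, _qtype, rcode = line.split()
        label, _, zone = qname.partition(".")  # leftmost label vs. the rest
        z = zones[zone]
        z["queries"] += 1
        z["labels"].add(label)
        z["clients"].add(client)
        if rcode == "NXDOMAIN":
            z["nxdomain"] += 1
        if len(label) >= min_len and label_entropy(label) >= min_entropy:
            z["random"] += 1
    flagged = {}
    for zone, z in zones.items():
        if z["queries"] < min_queries:
            continue
        nx = z["nxdomain"] / z["queries"]
        rnd = z["random"] / z["queries"]
        if nx >= nx_ratio and rnd >= random_ratio:
            flagged[zone] = {"queries": z["queries"], "nxdomain_ratio": nx,
                             "random_label_ratio": rnd,
                             "distinct_labels": len(z["labels"]),
                             "clients": len(z["clients"])}
    return flagged


if __name__ == "__main__":
    for zone, stats in analyse(constructed_log()).items():
        print(zone, stats)
```

The three signals reinforce each other: a high NXDOMAIN ratio alone can be a misconfigured client, and random labels alone can be legitimate CDN or tracking hostnames, but random labels that all fail, spread across many resolvers and concentrated on one zone, is the water-torture signature. A response rate limit keyed on the zone, or a temporary rule that answers that zone's non-existent names from a cached negative response, can then be applied without touching other zones.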
- Dynamic content and CDN-based attacks are insidious. Organizations use content delivery network (CDN) providers to improve the performance of their websites and applications. Unfortunately, CDNs also provide cover for attackers, because organizations cannot simply block traffic arriving from CDN IP addresses.
Malicious actors spoof IP addresses to hide their identity and pose as seemingly legitimate users based on geolocation or positive reputation data. Dynamic content attacks further exploit CDN-based protection by requesting content that the CDN cannot cache, so that every request is passed through to the origin server, which is overwhelmed.
- SSL/TLS and encrypted attacks use TLS encryption to hide attack traffic, complicating the detection of both network-level attacks and application-level threats. Many security solutions rely on a passive mechanism that does not decrypt the traffic; they cannot tell encrypted attack traffic from encrypted legitimate traffic and are limited to rate-limiting requests.
- Bots and IoT botnets can be useful or harmful. While robotic process automation and other good bots speed up productivity and business processes such as data collection and decision-making, malicious bots, including botnets built from compromised IoT devices, can mount a large-scale DDoS attack on your network and services. Organizations continue to rely on conventional security solutions to assess bot traffic, but today's sophisticated bad bots can mimic human behavior and bypass CAPTCHAs and other older technologies and heuristics.
- Layer 7 application DoS attacks aim at resource exhaustion through HTTP, HTTPS, SMTP, FTP, VoIP, and other application protocols that have exploitable weaknesses. As with attacks on network resources, attacks on application resources are varied, ranging from request floods to "low and slow" attacks that tie up server connections with a trickle of incomplete requests while using very little bandwidth.
- Ransom DDoS (RDoS) attacks involve perpetrators sending an email threatening to attack an organization and take its business, operations, or capacity offline unless a ransom is paid by a deadline. The number of these attacks grows annually, and the attack itself usually takes the form of a volumetric DDoS. RDoS attacks are insidious because they do not require the attacker to break into the target's network or applications.
- Reflection/amplification attacks take advantage of the disparity between request and response sizes in certain protocols. Attackers send small packets to reflector servers with the source IP address spoofed to the victim's address, so the much larger responses are delivered to the victim, overloading it indirectly.
At high rates, these responses have produced some of the largest volumetric DDoS attacks to date. A common example is a reflective DNS response attack.
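The following is an added example, not code from the original article. It shows the two things a defender usually wants to quantify for a reflected DNS attack: the bandwidth amplification factor (bytes the victim receives per byte the attacker sends), and how to spot reflected traffic in flow records at the victim's edge, where the tell-tale sign is UDP traffic from source port 53 arriving for a host that never sent a query to that server. The flow-record layout, the addresses (all from documentation ranges), the request and response sizes and the `min_reflectors` threshold are assumptions made for the example.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One unidirectional flow record (constructed; modelled on NetFlow fields)."""
    src: str
    sport: int
    dst: str
    dport: int
    octets: int
    packets: int


VICTIM_PREFIX = "192.0.2."  # assumption: the protected /24 behind this sensor


def constructed_flows():
    """Constructed flow records as seen at the victim's edge (not real data).
    An internal resolver legitimately queries two name servers and gets
    answers; thirty open resolvers then send large DNS answers to a host
    that never asked them anything, because the attacker spoofed its address
    in the queries it sent to them."""
    flows = []
    for ns in ("198.51.100.1", "198.51.100.2"):
        flows.append(Flow("192.0.2.10", 40000, ns, 53, 64, 1))     # query out
        flows.append(Flow(ns, 53, "192.0.2.10", 40000, 180, 1))    # answer back
    for i in range(30):
        # 25 answers of 3200 bytes each from every reflector (assumed sizes)
        flows.append(Flow(f"203.0.113.{i + 1}", 53, "192.0.2.20", 1234 + i, 3200 * 25, 25))
    return flows


def amplification_factor(request_bytes, response_bytes):
    """Bandwidth amplification factor: bytes delivered to the victim per byte
    the attacker had to send to the reflector."""
    return response_bytes / request_bytes


def find_reflection(flows, prefix=VICTIM_PREFIX, min_reflectors=10):
    """Return {victim_ip: stats} for hosts receiving DNS answers from many
    servers they never queried. min_reflectors is an assumed threshold."""
    solicited = set()  # (server, internal client) pairs with an outbound query
    for f in flows:
        if f.src.startswith(prefix) and f.dport == 53:
            solicited.add((f.dst, f.src))
    per_victim = defaultdict(lambda: {"reflectors": set(), "octets": 0, "packets": 0})
    for f in flows:
        unsolicited = (f.src, f.dst) not in solicited
        if f.sport == 53 and f.dst.startswith(prefix) and unsolicited:
            v = per_victim[f.dst]
            v["reflectors"].add(f.src)
            v["octets"] += f.octets
            v["packets"] += f.packets
    report = {}
    for victim, v in per_victim.items():
        if len(v["reflectors"]) >= min_reflectors:
            report[victim] = {"reflectors": len(v["reflectors"]),
                              "octets": v["octets"],
                              "avg_response_bytes": v["octets"] // v["packets"]}
    return report


if __name__ == "__main__":
    print("BAF for a 64-byte query answered with 3200 bytes:",
          amplification_factor(64, 3200))
    for victim, stats in find_reflection(constructed_flows()).items():
        print(victim, stats)
```

The legitimate resolver at 192.0.2.10 is not reported because its inbound answers match queries it sent; 192.0.2.20 is, because it received answers from thirty servers it never contacted. The same query/answer matching works for NTP (port 123), SSDP (port 1900) and other UDP reflectors by changing the port, and the average response size in the report is a direct measure of how much amplification the attacker is getting.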