DDoS attack

Supply Chain Attack Event — Targeted Attacks on Java Projects in GitHub

November 24, 2020

Preface

Recently, GitHub’s Security Incident Response Team (SIRT) published an article saying that a set of Github code repositories were serving open-source projects that were infected with malicious code (https://securitylab.github.com/research/octopus-scanner-malware-open-source-supply-chain). According to the article, attackers submitted malicious code to the open-source projects, which were referenced by other open-source projects. After being used by developers, these open-source projects with malicious code will search the developers’ machines for NetBeans IDE. If the IDE is found, all Java Archive (JAR) files created by NetBeans will be infected and loaders of malware will be implanted to ensure that the projects can release a remote administration tool (RAT).

(more…)

2020 Mid-Year DDoS Attack Landscape Report-4

September 1, 2020

At 17:00 of May 20, NSFOCUS SOC detected an abnormal traffic alert in the global monitoring center, the IP addresses of a customer from Hong Kong were under attack and the maximum attack peak reached 634.6 Gbps. This had been the largest of all attacks targeting NSFOCUS’s customers by the
time this report was written. According to IP gang intelligence from the NSFOCUS Threat Intelligence (“NTI”), large quantities of source IP addresses involved in the attack were controlled by the IP gang IPGang01 we have continuously monitored. We will elaborate on it in the following “attack gangs” chapter.

(more…)

2020 Mid-Year DDoS Attack Landscape Report-3

August 29, 2020

From January to May 2020, except in April when the number of DDoS attacks was on a par with that a year earlier, the other months experienced a year-on-year decrease in the number. However, attack traffic in each month in the first half of 2020 increased year on year.

(more…)

2020 Mid-Year DDoS Attack Landscape Report-2

August 22, 2020

2020 Mid-Year DDoS Attack Landscape Report-1

August 18, 2020

Summary

  1. Global distribution of DDoS attacks: U.S. suffered the most DDoS attacks, and Japan received the largest volume of DDoS traffic.
  2. DDoS attack trend: March and April witnessed the most frequent DDoS attacks, and May saw the peak of attack traffic.
  3. DDoS attacks and COVID-19 pandemic: DDoS attacks fluctuated noticebly with the worldwide outbreak of the COVID-19 pandemic. Germany and the U.S. were two typical examples.
  4. Attack lethality: Compared with the first half of 2019, the first half of 2020 experienced a decline in the number of attacks withincreasing magnitute.
  5. Attack types: SYN flood and UDP flood remained dominant DDoS attacks.
  6. Attack duration: Short-duration and effective attacks were the norm, with 68% of the attacks lasting less than 5 minutes.
  7. Attack peak: May was exposed to the strongest attack, with the peak reaching 634.6 Gbps.
  8. Attack gangs: Among the 15 IP gangs under our continuous monitoring in the first half of 2020, the largest attack utilized 217,000 attack sources.
(more…)

635Gbps DDoS attack spike During Covid-19 Pandemic

May 22, 2020

NSFOCUS cloud scrubbing center witnessed a torrent of DDoS attack traffic, with peak volume up to 634.8 Gbps.

At 5 p.m. of May 20th, 2020, NSFOCUS SOC team detected an enormous DDoS attack – three IPs of a Hong Kong customer were hit by DDoS attacks and inbound traffic kept increasing sharply. As DDoS attack traffic constantly gushing into the scrubbing center, the peak attack traffic reached 634.8 Gbps, a new height encountered by NSFOCUS’s customers in the year of 2020. When NSFOCUS reported this event to the customer after the attack mitigation, they extended their grateful thanks to NSFOCUS and said selecting NSFOCUS Anti-DDoS solution was their best choice they made because they were well protected even when they were not aware of being targeted by DDoS attacks.

(more…)

DDoS Attack Landscape 8

May 20, 2020

Participation of IoT Devices in DDoS Attacks

According to our observation, there were a total of more than 1,280,000 IP addresses of abnormal IoT devices around the world, accounting for 2.1% of all global IoT devices. Of all those abnormal IoT devices, 170,000 were involved in DDoS attacks, making up 13.08% of the total.

(more…)

DDoS Attack Landscape 6

May 6, 2020

Activity of Attack Sources

Ongoing monitoring of attack sources reveals that 90% of them were active for no longer than 10 days. There were two reasons behind this. For one thing, in order to keep attack sources fresh
and prevent them from being blacklisted by defenders, attackers tended to use the hit-and-run strategy. For the other, there were a lot of vulnerable IP addresses widely distributed on the Internet, which could be easily obtained at a very low cost. Moreover, the proportion of IoT devices in attack sources that were active for more than 10 days rose sharply to 11.5%. (more…)

Activity of Attack Sources

Ongoing monitoring of attack sources reveals that 90% of them were active for no longer than 10 days. There were two reasons behind this. For one thing, in order to keep attack sources fresh
and prevent them from being blacklisted by defenders, attackers tended to use the hit-and-run strategy. For the other, there were a lot of vulnerable IP addresses widely distributed on the Internet, which could be easily obtained at a very low cost. Moreover, the proportion of IoT devices in attack sources that were active for more than 10 days rose sharply to 11.5%. (more…)

Activity of Attack Sources

Ongoing monitoring of attack sources reveals that 90% of them were active for no longer than 10 days. There were two reasons behind this. For one thing, in order to keep attack sources fresh
and prevent them from being blacklisted by defenders, attackers tended to use the hit-and-run strategy. For the other, there were a lot of vulnerable IP addresses widely distributed on the Internet, which could be easily obtained at a very low cost. Moreover, the proportion of IoT devices in attack sources that were active for more than 10 days rose sharply to 11.5%. (more…)

DDoS Attack Landscape 5

April 22, 2020

Controlled DDoS Attack Sources

According to statistics, China was still home to the largest number of controlled DDoS attack sources (36.19%) in 2019, followed by the USA and UK. Although China’s ranking remained
unchanged in terms of the number, the proportion decreased compared with 2018. This indicates that China’s DDoS governance and defenses have yielded fruits. (more…)

DDoS Attack Landscape 4

April 15, 2020

Attack Distribution by Duration

In 2019, the average duration of DDoS attacks was registered at 52 minutes, an 18% increase from 2018. We noticed that the longest DDoS attack in 2019 lasted around 20 days, far longer than attacks detected in previous years.

In 2019, a DDoS attacks lasting less than 30 minutes accounted for 75%, approximate to the figure registered in 2018. The high proportion of short attacks signals that attackers are attaching more
and more importance to the attack cost and efficiency and are more inclined to overwhelm the target service with floods of traffic in a short time, getting users offline and causing high latency
and jitters. In addition, Botnet-as-a-Service (BaaS) and DDoS-as-a-Service (DDoS) have gained momentum for rapid development, which were also to blame for the prevalence of short attacks.
Thanks to their availability, platform users are able to launch massive attacks in a very short time as long as they are willing to pay a certain amount of money for a whole lot of mercenary attack resources4. In the long run, repeated burst attacks, which are under effective cost control, will greatly aggravate the quality of target services.

(more…)