NSFOCUS Protected an IDC Customer Against Volumetric Mixed DDoS Attacks
June 11, 2021
ABOUT CUSTOMER Based in APAC, company A provides comprehensive IDC services for the world’s top 500 as well as many small and medium enterprises. Other than server rental and hosting, company A also cooperates with NSFOCUS to provide server rental service with advanced protection against DDoS attacks. The investment in DDoS protection not only protects […]
A Global DTLS Amplification DDoS Attack Is Ongoing
January 1, 2021
Attackers are targeting Citrix ADC (Application Delivery Controller) and using it to launch amplification attacks. However, no official patch has been released yet.
Supply Chain Attack Event — Targeted Attacks on Java Projects in GitHub
November 24, 2020
Preface
Recently, GitHub’s Security Incident Response Team (SIRT) published an article saying that a set of GitHub code repositories were serving open-source projects that were infected with malicious code (https://securitylab.github.com/research/octopus-scanner-malware-open-source-supply-chain). According to the article, attackers submitted malicious code to the open-source projects, which were referenced by other open-source projects. Once used by developers, these open-source projects with malicious code search the developers’ machines for the NetBeans IDE. If the IDE is found, all Java Archive (JAR) files created by NetBeans are infected and malware loaders are implanted to ensure that the projects can release a remote administration tool (RAT).
2020 Mid-Year DDoS Attack Landscape Report-4
September 1, 2020
At 17:00 on May 20, NSFOCUS SOC detected an abnormal traffic alert in the global monitoring center: the IP addresses of a customer from Hong Kong were under attack, and the maximum attack peak reached 634.6 Gbps. This had been the largest of all attacks targeting NSFOCUS’s customers by the time this report was written. According to IP gang intelligence from the NSFOCUS Threat Intelligence (“NTI”), large quantities of source IP addresses involved in the attack were controlled by IPGang01, an IP gang we have continuously monitored. We will elaborate on it in the following “attack gangs” chapter.
2020 Mid-Year DDoS Attack Landscape Report-3
August 29, 2020
From January to May 2020, except in April when the number of DDoS attacks was on a par with that a year earlier, the other months experienced a year-on-year decrease in the number. However, attack traffic in each month in the first half of 2020 increased year on year.
2020 Mid-Year DDoS Attack Landscape Report-1
August 18, 2020
Summary
- Global distribution of DDoS attacks: U.S. suffered the most DDoS attacks, and Japan received the largest volume of DDoS traffic.
- DDoS attack trend: March and April witnessed the most frequent DDoS attacks, and May saw the peak of attack traffic.
- DDoS attacks and COVID-19 pandemic: DDoS attacks fluctuated noticeably with the worldwide outbreak of the COVID-19 pandemic. Germany and the U.S. were two typical examples.
- Attack lethality: Compared with the first half of 2019, the first half of 2020 experienced a decline in the number of attacks with increasing magnitude.
- Attack types: SYN flood and UDP flood remained dominant DDoS attacks.
- Attack duration: Short-duration and effective attacks were the norm, with 68% of the attacks lasting less than 5 minutes.
- Attack peak: May was exposed to the strongest attack, with the peak reaching 634.6 Gbps.
- Attack gangs: Among the 15 IP gangs under our continuous monitoring in the first half of 2020, the largest attack utilized 217,000 attack sources.
635Gbps DDoS attack spike During Covid-19 Pandemic
May 22, 2020
NSFOCUS cloud scrubbing center witnessed a torrent of DDoS attack traffic, with peak volume up to 634.8 Gbps.
At 5 p.m. on May 20th, 2020, the NSFOCUS SOC team detected an enormous DDoS attack: three IPs of a Hong Kong customer were hit by DDoS attacks and inbound traffic kept increasing sharply. As DDoS attack traffic kept gushing into the scrubbing center, the peak attack traffic reached 634.8 Gbps, a new height encountered by NSFOCUS’s customers in the year of 2020. When NSFOCUS reported this event to the customer after the attack mitigation, they extended their grateful thanks to NSFOCUS and said that selecting the NSFOCUS Anti-DDoS solution was the best choice they had made, because they were well protected even when they were not aware of being targeted by DDoS attacks.
DDoS Attack Landscape 8
May 20, 2020
Participation of IoT Devices in DDoS Attacks
According to our observation, there were a total of more than 1,280,000 IP addresses of abnormal IoT devices around the world, accounting for 2.1% of all global IoT devices. Of all those abnormal IoT devices, 170,000 were involved in DDoS attacks, making up 13.08% of the total.
DDoS Attack Landscape 6
May 6, 2020
Activity of Attack Sources
Ongoing monitoring of attack sources reveals that 90% of them were active for no longer than 10 days. There were two reasons behind this. For one thing, in order to keep attack sources fresh and prevent them from being blacklisted by defenders, attackers tended to use the hit-and-run strategy. For the other, there were a lot of vulnerable IP addresses widely distributed on the Internet, which could be easily obtained at a very low cost. Moreover, the proportion of IoT devices in attack sources that were active for more than 10 days rose sharply to 11.5%.