Nexusguard research reveals 1,000% increase in DNS amplification attacks since last year

Enterprise networks and communications service providers (CSPs) need advance attack mitigation as DNS patch adoption creates new threats

�

SAN FRANCISCO,
UNITED STATES - Media OutReach – 16 September 2019 – DNS
amplification attacks swelled in the second quarter of this year, with the
amplified attacks spiking more than 1,000% compared with Q2 2018, according to
Nexusguard’s “Q2 2019 Threat Report.” Nexusguard researchers attributed
Domain Name System Security Extensions (DNSSEC) with fueling the new wave of
DNS amplification attacks, which accounted for more than 65% of the attacks
last quarter according to the team’s evaluation of thousands of worldwide DDoS
attacks. DNSSEC was designed to protect applications from using forged or
manipulated DNS data, and its growing adoption suggests that DNS amplification
risks won’t disappear for service providers or enterprise networks anytime
soon.

According to the quarterly report,
Paypal.com and multiple government domains fell victim to rampant DNS abuses,
likely due to many of these domains deploying DNSSEC to the top-level .gov
domain, as required by the U.S. government’s mandate from the Office of
Management and Budget. When blocking DNS amplification attacks, it’s not
realistic to drop all DNS associated traffic, since users rely on DNS services
to access the Internet, and the tactic could deny service to paying customers.
Nexusguard researchers warn that service providers must ensure their attack
mitigation technology is advanced enough to ensure server availability to
legitimate end users, to ensure their access doesn’t become collateral damage.

“Although the adoption of DNSSEC is
gaining wider acceptance as the patch for fixing DNS cache poisoning, it is now
causing a new set of problems for organizations and service providers,” said
Juniman Kasman, chief technology officer for Nexusguard. “Due to the long responses
they generate, attackers often abuse DNSSEC to launch amplification attacks
that clog victim networks and hosts, which will remain a significant threat in
the future.”

Nexusguard findings also confirm that
“bit and piece” attacks continued to spread this quarter, adopted for attacks
across Europe, North America and Africa. Mobile devices also continued to contribute
to DDoS attacks, which primarily originated from iOS mobile devices in addition
to botnet-hijacked Windows machines. Nexusguard’s quarterly DDoS threat
research gathers attack data from botnet scanning, honeypots, CSPs and traffic
moving between attackers and their targets to help companies identify
vulnerabilities and stay informed about global cyber security trends. Read the
full “Q2 2019 Threat Report” for more details.

About Nexusguard

Founded
in 2008, Nexusguard is a leading cloud-based distributed denial of service
(DDoS) security solution provider fighting malicious internet attacks.
Nexusguard ensures uninterrupted internet service, visibility, optimization and
performance. Nexusguard is focused on developing and providing the best
cybersecurity solution for every client across a range of industries with
specific business and technical requirements. Nexusguard also enables
communication service providers to deliver DDoS protection solution as a
service. Nexusguard delivers on its promise to provide you with peace of mind
by countering threats and ensuring maximum uptime. Visit www.nexusguard.com for more information.