Hackers Shifting DDoS Attacks to VPS Infrastructure

Cloudflare released a threat report for DDoS of Q1 2023, showing that cyber threat actors use VPS-based attack vectors instead of compromised IoT (Internet of Things) devices.

DDoS is an abbreviation for Distributed Denial of Service attack in which threat actors send multiple requests that a web server cannot handle, making the server unavailable for usage.

2023 started with attack campaigns targeting banks, airports, healthcare, and universities. Pro-Russian Telegram-organised groups mainly conducted these attacks, like Killnet and AnonymousSudan.

Other threat actors who perform hyper-volumetric DDoS attacks are on the rise, with one of the attacks ranging to a maximum of 71 Million requests per second which is higher than Google’s highest recorded request of 46 million. However, Neither Killnet nor AnonymousSudan was responsible for this hyper-volumetric attack.

Cloudflare requested organizations to take preventive measures to protect their businesses from threat actors. Another powerful attack that Cloudflare handled and mitigated was an attack on a South American Telecommunications provider.

The attack reached a maximum of 1.3 Tbps (Terabits per second) which did not last more than a minute. The attack analysis showed traffic originating from the US, Brazil, Japan, Hong Kong, and India as a multi-vector attack involving DNS and UDP traffic. 

As per Cloudflare reports, further analysis of the attack revealed that it was part of a broader campaign that includes multiple Terabit-strong attacks from a 20,000-strong Mirai-Variant botnet.

VPS for Increased Power

Older methods of DDoS involved using a large number of botnets that are usually IoT devices like security cameras or other small devices.

This usually accounts for hundreds of thousands or millions of devices which is enough to disrupt their targets. However, these devices must be exploitable to craft the attack.

Modern DDoS attacks use virtual private servers that amount to just a fraction of the devices used in the older methods. These servers are powerful to generate multiple requests, allowing attackers to conduct a DDoS attack much simpler and more efficiently.

Virtual Private Servers were introduced to help businesses create high-performance applications, which are now a haven for cyber threat actors.

Threat actors gain access to these vulnerable servers and pivot their way into management consoles using leaked API credentials. 

As per reports from Cloudflare, “Cloudflare has been working with key cloud computing providers to crack down on these VPS-based botnets. Substantial portions of such botnets have been disabled thanks to the cloud computing providers’ rapid response and diligence. Since then, we have yet to see additional hyper-volumetric attacks — a testament to the fruitful collaboration“.

Furthermore, the reports said 16% of their surveyed customers had faced a Ransom DDoS attack which seems to be low. However, this accounts for a 60% increase compared to previous reports.

Two majorly targeted industries were Broadcast media and Non-profit organizations. Also, Finland has the highest traffic from which HTTP DDoS attacks originated, and Israel was the most targeted country. 

Cyber attacks above 100 Gbps have increased by 6% Quarter on Quarter. DNS-based attacks became the most popular. Cloudflare has released a complete analysis of the Q1 2023 DDoS attack vector.

Cloud computing has become increasingly demanding for all businesses, and most are migrating to cloud environments. Unfortunately, threat actors are also rising since technological advancements create additional space for attackers to conduct malicious activities.

Struggling to Apply The Security Patch in Your System? – 
Try All-in-One Patch Manager Plus

Related Coverage:

Source: gbhackers.com