Large-Scale DDoS Attack Techniques Evolve Further

• Earlier this month, Israeli researchers disclosed a new NXNSAttack method, which is essentially a vulnerability in the way DNS servers operate. It is based on the fact that when any DNS server cannot resolve the request it receives, it delegates the request to a authoritative DNS server for resolution.
• Using NXNSAttack, a hacker could configure his own authoritative DNS server in such a way that it could overwhelm the targeted DNS servers. Then the attacker can raise a specific DNS request, for which the resulting traffic for targeted DNS servers gets amplified by 1,620 times the original request, thereby choking and possibly crashing the targeted DNS Servers and their networks.
• This vulnerability impacts the commonly used DNS server software including ISC BIND (CVE-2020-8616), NLnet labs Unbound (CVE-2020-12662), PowerDNS (CVE-2020-10995), and CZ.NIC Knot Resolver (CVE-2020-12667).
• This vulnerability also impacts commercial DNS services offered by several renowned providers including Cloudflare, Google, Amazon, Microsoft, Oracle (DYN), Verisign, IBM Quad9, and ICANN.

Recently discovered DDoS attack methods

• In September 2019, Akamai reported that an attacker was observed leveraging a UDP amplification technique known called Web Services Dynamic Discovery (WSD) to target one of its customers. This attack technique amplified the request by a factor of 7 to 153 times, making WSD a popular protocol to perform DDoS attacks.
• In February 2019, attackers were seen abusing the Constrained Application Protocol (CoAP) for the reflection/amplification of distributed denial of service (DDoS) attacks. This type of attack provides an average amplification factor of 34. The vast majority of Internet-accessible CoAP devices are located in China and they utilize a mobile peer-to-peer (P2P) network.

Historic DDoS attacks that shook the internet

• On March 5, 2018, the world witnessed a record-breaking DDoS attack when Arbor Networks disclosed that its unnamed US service provider has faced a 1.7 Tbps DDoS attack. The attack was identified as a Memcached reflection and amplification attack, that used thousands of misconfigured Memcached servers and had an amplification factor of 51,000.
• On March 1, 2018, Github had disclosed that it was hit with the largest-ever DDoS attack (till that day), causing disruptions in its networks on February 28, 2018. The attack was carried out in two waves, the first wave peaked at 1.35 Tbps, while the second wave spiked to 400 Gbps, with an amplification factor up to 51,000.
• Few other notable attacks include the Mirai malware-based DDoS attack on Dyn (2016), GitHub DDoS attack (2015), and the Spamhaus DDoS attack (2013).