A unique DDoS method that unfolded years ago is making waves in the Internet world. Dubbed Mongol, the technique injects fragments of junk traffic into legitimate Internet traffic to avoid detection.
Security firm Nexusguard, which documented Mongol’s activity in its report, indicates that DDoS attackers are leaning on ISPs to achieve their malicious goals. Ultimately, Mongol’s approach is to launch an attack once enough IP addresses have been compromised.
ISPs in danger
Juniman Kasman, CTO of Nexusguard, says Mongol can mount large-scale attacks by leveraging ISPs without their knowledge.
“Perpetrators are using smaller, bit-and-piece methods to inject junk into legitimate traffic, causing attacks to bypass detection rather than sounding alarms with large, obvious attack spikes. Diffused traffic can cause communications service providers to easily miss large-scale DDoS attacks in the making,” Kasman told ThreatPost.
These ‘bit-and-piece’ attacks get around ISP defenses that depend on methods such as black-holing, which also cuts off access to legitimate Internet services. Furthermore, the attackers rely on publicly available open domain name system (DNS) resolvers, since these can be flooded with traffic to launch an attack.
Extensive reconnaissance
Nexusguard also noted that Mongol-style methods gather extensive information on networks and target the IP addresses that are most vulnerable.
“In the past, attackers tended to zero in on a small number of high-traffic IPs to cause congestion. This sophisticated tactic leads us to believe that such intelligence might be coming from insiders with knowledge of those IP prefixes that are most vulnerable to DDoS attacks,” the report said. As a result, ISPs struggle to mitigate threats like Mongol.
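To illustrate why diffused traffic slips past per-address alarms, here is an added example (written for this article, not Nexusguard’s code) that compares a classic per-IP threshold with an aggregate per-/24 threshold over constructed flow records; the thresholds, addresses and packet counts are assumptions.

```python
import ipaddress
from collections import Counter

# Constructed sample flow records (dst_ip, packets): junk traffic is spread
# thinly across many addresses in one /24, so no single destination looks odd.
SAMPLE_FLOWS = [(f"203.0.113.{host}", 900) for host in range(1, 17)]
SAMPLE_FLOWS += [("198.51.100.10", 500), ("198.51.100.11", 500), ("198.51.100.12", 500)]

PER_IP_THRESHOLD = 1000       # classic per-destination alarm level (assumed value)
PER_PREFIX_THRESHOLD = 10000  # aggregate alarm level for a whole /24 (assumed value)

def per_ip_totals(flows):
    """Sum packets per destination address."""
    totals = Counter()
    for dst, packets in flows:
        totals[dst] += packets
    return totals

def per_prefix_totals(flows, prefix_len=24):
    """Sum packets per destination prefix (default /24)."""
    totals = Counter()
    for dst, packets in flows:
        net = ipaddress.ip_network(f"{dst}/{prefix_len}", strict=False)
        totals[str(net)] += packets
    return totals

def detect(flows, ip_threshold=PER_IP_THRESHOLD,
           prefix_threshold=PER_PREFIX_THRESHOLD, prefix_len=24):
    """Return (ips_over_threshold, prefixes_over_threshold), both sorted."""
    ip_alerts = sorted(ip for ip, n in per_ip_totals(flows).items()
                       if n >= ip_threshold)
    prefix_alerts = sorted(p for p, n in per_prefix_totals(flows, prefix_len).items()
                           if n >= prefix_threshold)
    return ip_alerts, prefix_alerts

if __name__ == "__main__":
    ips, prefixes = detect(SAMPLE_FLOWS)
    print("per-IP alerts:", ips)           # [] : every host stays under 1000
    print("per-prefix alerts:", prefixes)  # ['203.0.113.0/24'] : 16 * 900 = 14400
```

The per-IP view raises nothing, while the prefix view flags the same traffic as a 14,400-packet event against one /24.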