DDoS attacks are getting more complex and harder to spot

Concept art representing cybersecurity principles
(Image credit: Shutterstock / ZinetroN)

Domain Name Server (DNS) Amplification attacks, a form of Distributed Denial of Service (DDoS) incidents, are on the rise, a new report from Lumen Technologies has claimed, adding that classic DDoS attacks are growing more complex, and harder to spot.

Lumen's report, based on data from company tools, as well as Lumen's API and application protection partner, ThreatX, claims 26% of all single-vector attacks in Q1 2023 leveraged DNS amplification. 

That equates to a 417% increase quarter-over-quarter. Of these, the most common DNS amplification method is also one of the most sophisticated ones - called “DNS water torture attack”.

Challenging mitigation

In a DNS Amplification attack, attackers would use publically accessible open DNS servers to flood a target with DNS response traffic. With DNS water torture attacks, the DNS server is prevented from responding to valid DNS queries, the researchers explained, saying that a comprehensive DDoS mitigation solution is needed to protect against these attacks.

DNS Amplification aside, the threat actors also used other vectors, such as ICMP, TCP RST, TCP SYN/ACK Amplification and UDP amplification.

“Because each vector targets specific ports, protocols and systems, these complex attacks are significantly more difficult to mitigate,” the report concludes.

Discussing DDoS attacks in general, Lumen says its volume continues to be high. The company mitigated more than 8,600 such attacks in the first quarter of the year, representing a 40% increase year-on-year. Furthermore, Q1 2023 was the second-busiest quarter in the last two years.

Most of the time, the threat actors would launch their attacks over holidays when the number of active staff in a company is generally lower. The busiest holiday in Q1 was Martin Luther King, Jr. Day, they concluded.

"The pace at which companies and other organizations have been expanding their digital footprints has increased over the past few years," said Peter Brecl, Lumen's director of product management for DDoS mitigation and application protection.

"The larger attack surface creates more opportunities for threat actors to launch attacks. The only way to protect that digital presence is to deploy a holistic solution that includes network protection, application-layer protection, and application acceleration capabilities. This type of comprehensive coverage – including DDoS mitigation, API protections, Web Application Firewalls and Bot Risk Management – helps ensure that critical business functions stay up and running – even when under an active attack."

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.