Domain Name System (DNS) amplification attacks, a form of distributed denial-of-service (DDoS) attack, are on the rise, according to a new report from Lumen Technologies, and they are making DDoS incidents more complex and harder to detect.
DNS amplification was used in 26% of all single-vector attacks in Q1 2023, according to the Lumen report, which is based on data from the company's own tools and from ThreatX, Lumen's API and application protection partner.
That represents a 417% increase quarter over quarter. The most common DNS amplification method observed is also one of the most sophisticated: the "DNS water torture attack".
In a DNS amplification attack, the attacker sends queries to publicly accessible open DNS resolvers with the source address spoofed to that of the target, so the much larger replies are reflected at the victim and flood it with DNS response traffic. A DNS water torture attack (also known as a random-subdomain attack) instead sends a stream of queries for randomly generated, non-existent subdomains of the target's domain; no resolver can answer these from cache, so every query reaches the target's authoritative name servers, which are left unable to respond to valid DNS queries, the researchers explained, citing the need for a comprehensive DDoS mitigation solution to protect against these attacks.
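A practitioner defending an authoritative zone will want to recognise water-torture traffic in query logs before the servers fall over. The following is an added example written for this article, not code from Lumen, ThreatX or the report; the log format and the sample lines are constructed for illustration, and the thresholds and the "zone = last two labels" rule are simplifying assumptions you would tune for real data. It scores each zone on three signals at once: the share of NXDOMAIN answers, the share of distinct leftmost labels, and the share of labels whose character entropy looks machine-generated.

```python
"""Flag DNS water-torture (random-subdomain) traffic in a query log.
Added example for this article; log format and data are constructed, and
the thresholds are assumptions, not values from the Lumen report."""
import math
import re
from collections import defaultdict

# Constructed sample log (synthetic, not captured traffic).  corp.example sees
# ordinary traffic; victim.example receives queries for random, non-existent
# labels relayed by several client addresses (open resolvers acting as reflectors).
SAMPLE_LOG = """\
2023-01-16T10:00:01Z client=203.0.113.10 qname=www.corp.example qtype=A rcode=NOERROR
2023-01-16T10:00:01Z client=203.0.113.11 qname=mail.corp.example qtype=MX rcode=NOERROR
2023-01-16T10:00:02Z client=203.0.113.12 qname=www.corp.example qtype=AAAA rcode=NOERROR
2023-01-16T10:00:02Z client=203.0.113.10 qname=api.corp.example qtype=A rcode=NOERROR
2023-01-16T10:00:03Z client=203.0.113.13 qname=www.corp.example qtype=A rcode=NOERROR
2023-01-16T10:00:03Z client=203.0.113.11 qname=mail.corp.example qtype=A rcode=NOERROR
2023-01-16T10:00:04Z client=203.0.113.14 qname=wwww.corp.example qtype=A rcode=NXDOMAIN
2023-01-16T10:00:04Z client=203.0.113.12 qname=www.corp.example qtype=A rcode=NOERROR
2023-01-16T10:00:05Z client=203.0.113.15 qname=api.corp.example qtype=A rcode=NOERROR
2023-01-16T10:00:05Z client=203.0.113.10 qname=mail.corp.example qtype=MX rcode=NOERROR
2023-01-16T10:00:06Z client=203.0.113.16 qname=www.corp.example qtype=A rcode=NOERROR
2023-01-16T10:00:06Z client=198.51.100.5 qname=www.victim.example qtype=A rcode=NOERROR
2023-01-16T10:00:07Z client=198.51.100.6 qname=www.victim.example qtype=A rcode=NOERROR
2023-01-16T10:00:07Z client=198.51.100.20 qname=x7qk2mvl9p.victim.example qtype=A rcode=NXDOMAIN
2023-01-16T10:00:07Z client=198.51.100.21 qname=aj3ufdz81w.victim.example qtype=A rcode=NXDOMAIN
2023-01-16T10:00:07Z client=198.51.100.22 qname=q9tn4rbx0e.victim.example qtype=A rcode=NXDOMAIN
2023-01-16T10:00:08Z client=198.51.100.23 qname=m2lsk7yw5c.victim.example qtype=A rcode=NXDOMAIN
2023-01-16T10:00:08Z client=198.51.100.24 qname=h8vg1pqz3n.victim.example qtype=A rcode=NXDOMAIN
2023-01-16T10:00:08Z client=198.51.100.25 qname=b4wcx9tk6r.victim.example qtype=A rcode=NXDOMAIN
2023-01-16T10:00:08Z client=198.51.100.20 qname=z1ynf5mqd8.victim.example qtype=A rcode=NXDOMAIN
2023-01-16T10:00:09Z client=198.51.100.21 qname=e6rkv2bjp0.victim.example qtype=A rcode=NXDOMAIN
2023-01-16T10:00:09Z client=198.51.100.22 qname=u3hxl8wnt4.victim.example qtype=A rcode=NXDOMAIN
2023-01-16T10:00:09Z client=198.51.100.23 qname=t5dqm0zgc9.victim.example qtype=A rcode=NXDOMAIN
2023-01-16T10:00:09Z client=198.51.100.24 qname=k0pzb6jvh2.victim.example qtype=A rcode=NXDOMAIN
2023-01-16T10:00:10Z client=198.51.100.25 qname=r7cfw4nyx1.victim.example qtype=A rcode=NXDOMAIN
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) client=(?P<client>\S+) qname=(?P<qname>\S+) "
    r"qtype=(?P<qtype>\S+) rcode=(?P<rcode>\S+)$"
)
RANDOM_ENTROPY_BITS = 3.0  # assumed cutoff: a 10-char label of distinct chars scores log2(10) = 3.32


def shannon_entropy(label):
    """Bits of entropy per character of a label (0.0 for 'www', ~3.3 for random 10-char labels)."""
    if not label:
        return 0.0
    counts = defaultdict(int)
    for ch in label:
        counts[ch] += 1
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_qname(qname):
    """Return (leftmost_label, zone). Simplification: the zone is the last two labels."""
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) < 3:
        return "", ".".join(labels)
    return labels[0], ".".join(labels[-2:])


def zone_stats(log_text):
    """Aggregate per-zone counters needed for the three detection signals."""
    stats = defaultdict(lambda: {"queries": 0, "nxdomain": 0, "labels": set(),
                                 "clients": set(), "random_labels": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # tolerate unrelated log lines
        label, zone = split_qname(m["qname"])
        s = stats[zone]
        s["queries"] += 1
        s["labels"].add(label)
        s["clients"].add(m["client"])
        if m["rcode"] == "NXDOMAIN":
            s["nxdomain"] += 1
        if shannon_entropy(label) >= RANDOM_ENTROPY_BITS:
            s["random_labels"] += 1
    return stats


def flag_water_torture(stats, min_queries=10, nx_ratio=0.5, unique_ratio=0.5, random_ratio=0.5):
    """Flag zones where all three signals exceed their (assumed) thresholds."""
    flagged = {}
    for zone, s in stats.items():
        q = s["queries"]
        if q < min_queries:
            continue
        nx, uniq, rnd = s["nxdomain"] / q, len(s["labels"]) / q, s["random_labels"] / q
        if nx >= nx_ratio and uniq >= unique_ratio and rnd >= random_ratio:
            flagged[zone] = {"queries": q, "nxdomain_ratio": round(nx, 2),
                             "unique_label_ratio": round(uniq, 2),
                             "random_label_ratio": round(rnd, 2),
                             "clients": len(s["clients"])}
    return flagged


if __name__ == "__main__":
    for zone, info in flag_water_torture(zone_stats(SAMPLE_LOG)).items():
        print(f"water torture suspected on {zone}: {info}")
```

Entropy on its own is a weak discriminator (a long legitimate hostname such as "autodiscover" scores above 3.3 bits), which is why it is only one of three conditions that must all hold. The distinct client count is worth keeping in the alert: in a reflected water-torture attack those clients are open resolvers rather than the attacker, so blocking them one by one is rarely the right response and per-zone rate limiting or upstream scrubbing is.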
Apart from DNS amplification, attackers also used other vectors such as ICMP, TCP RST, TCP SYN/ACK amplification and UDP amplification.
“Because each vector targets specific ports, protocols, and systems, mitigating these complex attacks is extremely difficult,” the report concludes.
Discussing DDoS attacks in general, Lumen says the volume remains high. The company said it mitigated more than 8,600 such attacks in the first quarter of this year, a 40% increase over the same period a year earlier. Q1 2023 was also its second-busiest quarter of the last two years.
Threat actors frequently launch attacks on holidays, when the number of active staff at the targeted enterprise is generally low. The researchers found that the busiest holiday in the first quarter was Martin Luther King Jr. Day.
“The pace at which businesses and other organizations are expanding their digital footprints has increased over the past few years,” said Peter Brecl, director of product management for DDoS mitigation and application protection at Lumen.
“As the attack surface grows, threat actors have more opportunities to launch attacks. This type of comprehensive coverage – features like DDoS mitigation, API protection, web application firewall, bot risk management and more – ensures critical business functions stay up and running even under active attack.”