Research looks at DDoS attacks passing through scrubbing centres

Distributed Denial of Service (DDoS) attacks continue to evolve in complexity, frequency and scale. Lumen Technologies tracks and mitigates these threats including the Gafgyt and Mirai botnet families and the company released its quarterly DDoS report for Q1 2021. This research provides a view of the DDoS landscape with findings that both reinforce and expand on these trends.

To create the report, the security team at Lumen looked at intelligence from Black Lotus Labs the company’s threat research arm and attack trends from the Lumen DDoS Mitigation Service platform, which integrates countermeasures directly into the company’s extensive and deeply peered global network.

“As organisations’ dependency on applications to generate revenue deepens, many are realising they can no longer risk foregoing essential DDoS defenses. The information in this report is more evidence of that,” says Mike Benjamin, Lumen vice president of security and Black Lotus Labs. “As IoT DDoS botnets continue to evolve, Lumen is focused on leveraging our visibility to identify and disrupt malicious infrastructure.”

Key findings:

The attack sizes in the DDoS report convey the largest attacks scrubbed by Lumen global DDoS scrubbing infrastructure, rather than the largest attacks observed transiting the Lumen network.

IoT Botnets:

  • Well-known IoT botnets like Gafgyt and Mirai remain serious DDoS threats, with 700 active Command and Control servers (C2s) attacking 28,000 unique victims combined.
  • Lumen tracked nearly 3,000 DDoS C2s globally in Q1. The most were hosted in Serbia (1,260), followed by the United States (380) and China (373).
  • Of the most active global C2s that Lumen observed issuing attack commands, the United States had the most (163), followed by the Netherlands (73) and Germany (70).
  • Lumen tracked more than 160,000 global DDoS botnet hosts. Nearly 42,000 were in the United States the most of any country.

DDoS attack trends

  • The largest attack Lumen measured by bandwidth scrubbed was 268 Gbps; the largest attack measured by packet rate scrubbed was 26 Mpps.
  • The longest DDoS attack period Lumen mitigated for an individual customer lasted almost two weeks.
  • Multi-vector mitigations represented 41% of all DDoS mitigations, with the most common using a DNS query flood combined with a TCP SYN flood.
  • The top three industries targeted in the 500 largest attacks in 1Q21 were, Finance, Software and Technology, and Government.

Tracking user diagram protocol (UDP) reflectors

One of the key tools in the hands of cybercriminals seeking to increase the bandwidth of their attacks is UDP-based reflection leveraging services such as Memcached, CLDAP and DNS.

Through this process, an attacker spoofs a source IP, then uses an intermediary server a reflector to send massive response packets to the victim’s IP rather than back to the attacker.

Black Lotus Labs leverages the visibility from its extensive global network to identify services potentially being leveraged to launch these types of attacks.

Based on data from 1Q21, Black Lotus Labs sees Memcached, CLDAP and DNS services being actively exploited today.

For a more detailed look at UDP reflectors, read the latest Black Lotus Labs blog, Tracking UDP Reflectors for a Safer Internet.

Comment on this article below or via Twitter: @IoTNow_OR @jcIoTnow


9 IoT applications that will change everything

Posted on: September 1, 2021

Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way you work, play, and live. But is it just another buzzword, or is it the as-promised technological holy grail? The truth is that Internet of

Read more

Which IoT Platform 2021? IoT Now Enterprise Buyers’ Guide

Posted on: August 30, 2021

There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT Platform 2021? authors Robin Duke-Woolley, the CEO and Bill Ingle, a senior analyst, at Beecham Research. Figure 1 shows these parts and, although not all

Read more

CAT-M1 vs NB-IoT – examining the real differences

Posted on: June 21, 2021

As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.

Read more

IoT and home automation: What does the future hold?

Posted on: June 10, 2020

Once a dream, iot home automation is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for smart home automation will reach $40 billion by 2020.

Read more

OCF celebrates pulse systems’ installation of newly certified IoT platform for smart lighting

Posted on: December 6, 2021

The Open Connectivity Foundation (OCF) has announced the first installation of the recently-certified low power IoT platform, from OCF member Cascoda, that combines the end-to-end security benefits of OCF and the low power, wide-area coverage advantages of Thread.

Read more

Green Custard Ltd develop robust predictive maintenance system for Martin Engineering Ltd

Posted on: December 6, 2021

Green Custard Ltd, a professional services company and AWS Advanced Consulting partner, together with Eseye Ltd (also an AWS partner) has been selected by Martin Engineering Ltd to build a global predictive maintenance and monitoring platform on AWS so their localised US platform can be rolled out internationally.

Read more