FBI warns of disruptive DDoS amplification attacks


The Federal Bureau of Investigation (FBI) has issued an alert warning private sector organizations in the United States about a ramp-up in the use of built-in network protocols for large-scale distributed denial-of-service (DDoS) amplification attacks.

“A DDoS amplification attack occurs when an attacker sends a small number of requests to a server and the server responds with more numerous responses to the victim. Typically, the attacker spoofs the source Internet Protocol (IP) address to appear as if they are the victim, resulting in traffic that overwhelms victim resources,” wrote the FBI. The alert has been posted online, including on the website of the New Jersey Cybersecurity and Communications Integration Cell (NJCCIC).

The FBI highlights recent threat vectors and developments, noting that the first DDoS amplification attacks to abuse the network protocols go back to December 2018, when cybercriminals exploited the multicast and command transmission features of the Constrained Application Protocol (CoAP). Most of the internet-accessible CoAP devices can be found in China and are using peer-to-peer networks.

During the summer of 2019, attackers took aim at the Web Services Dynamic Discovery (WS-DD) protocol to launch more than 130 DDoS attacks, some of which reached a magnitude of 350 Gigabits per second. Internet of Things (IoT) devices use WS-DD to automatically discover other devices nearby, and with 630,000 of them having the protocol enabled, they make attractive reflectors for amplifying DDoS traffic. That same year, researchers also reported a rise in the use of misconfigured IoT devices in amplified DDoS attacks.

In October 2019, miscreants abused the Apple Remote Management Service (ARMS), a part of the Apple Remote Desktop (ARD), to conduct DDoS amplification attacks. This protocol is usually employed by large organizations to manage their Apple computers.

Making matters worse, in February 2020 researchers found a vulnerability in the built-in network discovery protocols of Jenkins servers, which could potentially allow attackers to amplify DDoS attack traffic a hundredfold against their victims. There is no record of the flaw being exploited so far, but the FBI highlighted the resulting increase in the attack surface.
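The victim-side signature of the amplification technique described above is unsolicited, oversized UDP responses arriving from many reflectors at once, because the spoofed requests never pass the victim. The following detector is an added example (not code from the FBI alert or any of the cited researchers) that groups constructed NetFlow-style records by destination and flags hosts matching that pattern; the UDP ports for CoAP, WS-Discovery, ARD/ARMS and Jenkins discovery are taken from those protocols' own specifications, not from the alert.

```python
from collections import defaultdict

# UDP ports of the reflector protocols named in the FBI alert; the numbers
# come from the protocols' own specifications, not from the alert.
REFLECTOR_PORTS = {5683: "CoAP", 3702: "WS-Discovery",
                   3283: "ARD/ARMS", 33848: "Jenkins discovery"}

# Constructed NetFlow-style records as a victim-side collector would export:
# (src_ip, src_port, dst_ip, dst_port, packets, bytes). Not real traffic.
FLOWS = [
    ("203.0.113.10", 5683, "198.51.100.7", 40000, 5000, 1_400_000),
    ("203.0.113.11", 5683, "198.51.100.7", 40000, 4800, 1_350_000),
    ("203.0.113.12", 3702, "198.51.100.7", 40000, 3000, 4_500_000),
    ("203.0.113.13", 3283, "198.51.100.7", 40000, 2500, 2_600_000),
    ("203.0.113.20", 5683, "198.51.100.9", 5683, 12, 1_200),   # normal CoAP
    ("192.0.2.5", 443, "198.51.100.9", 51000, 200, 30_000),    # ordinary HTTPS
]


def find_amplification_victims(flows, min_sources=3, min_avg_pkt_bytes=200):
    """Return {dst_ip: summary} for hosts receiving reflector-port UDP traffic
    from several distinct sources with large average packets.

    Spoofed requests never pass the victim, so the victim-side signature is
    unsolicited, oversized responses from many reflectors at once; a single
    small CoAP exchange trips neither threshold.
    """
    per_victim = defaultdict(lambda: {"sources": set(), "protocols": set(),
                                      "packets": 0, "bytes": 0})
    for src_ip, src_port, dst_ip, _dst_port, packets, nbytes in flows:
        proto = REFLECTOR_PORTS.get(src_port)
        if proto is None:
            continue  # not a known reflector port
        v = per_victim[dst_ip]
        v["sources"].add(src_ip)
        v["protocols"].add(proto)
        v["packets"] += packets
        v["bytes"] += nbytes

    victims = {}
    for dst_ip, v in per_victim.items():
        avg = v["bytes"] / v["packets"]
        if len(v["sources"]) >= min_sources and avg >= min_avg_pkt_bytes:
            victims[dst_ip] = {"sources": len(v["sources"]),
                               "protocols": sorted(v["protocols"]),
                               "total_bytes": v["bytes"],
                               "avg_pkt_bytes": round(avg, 1)}
    return victims
```

Running it on the constructed flows flags only 198.51.100.7, which is hit from four reflectors across three protocols; the legitimate small CoAP exchange to 198.51.100.9 is left alone.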
