Quiet before the storm?
The second quarter of this year was accompanied by a welcome lull in Distributed Denial of Service (DDoS) attack activity.
The total number of DDoS attacks decreased by 38.8% in Q2 2021 compared to the same period last year. The volume of incidents year-on-year was also down 6.5%, according to the latest DDoS trends report by Kaspersky.
“The overall situation in Q2 was relatively calm,” according to Kaspersky. “On average, the number of DDoS attacks fluctuated between 500 and 800 per day.”
The security firm added: “On the quietest day, only 60 attacks were recorded, and on the most intense, this reached 1,164.”
Bad guys need their holidays, too
Kaspersky reckons attackers taking vacations and a fall in the value of cryptocurrencies led to the spring DDoS lull.
Despite the relatively quiet months, several high-profile organizations fell victim to attacks. For instance, Microsoft cloud services including Xbox Live, Microsoft Teams, and OneDrive were affected by a DNS flood in early April.
Several (mostly European) ISPs were targeted by DDoS attacks during Q2. And in May, the Irish Health Service Executive was hit by an assault.
Turn up the volume
Kaspersky reports that over recent months the perpetrators of DDoS attacks have looked to increase the traffic volume or amplify their attacks. This has led to an increase in the number of attacks made through the Session Traversal Utilities for NAT (STUN) protocol.
The STUN protocol, which is normally used to map internal IP addresses and ports hidden behind NAT to external addresses, can be abused to multiply the volume of junk traffic by a factor of 32 even before other techniques are brought into play.
Abusing STUN servers in this way can disable their functionality, a concern for the 75,000 organizations that Kaspersky estimates are operating vulnerable setups.
Looking ahead, Kaspersky warns that the recently discovered TsuNAME vulnerability in DNS resolvers ought to be addressed before it gets abused by cybercriminals.
The new abnormal
Cybersecurity firm Netscout also reports that the volume of DDoS attacks that took place in Q2 2021 decreased from the record-breaking numbers seen in the first quarter of the year.
Threat actors launched 2,488,048 DDoS attacks in Q2, a 13% decrease compared with the 2,863,882 attacks in Q1.
Netscout said: “Although attack frequency has dropped, these figures are nowhere near the attack numbers that were considered normal prior to the onset of the COVID-19 pandemic.” It added: “The second quarter numbers from 2021 showed a continued high level of activity, with 13 percent more attacks in 2021 than 2019.”