Just in:
2024 China Corporate Payment Survey: Payment delays continued to shorten, but corporates increasingly cautious // Blue Cross Partners with AlipayHK on Easter Promotion Travel Smart 5-day Single-trip Cover for Only HK$1 // Credit Rating Agency Maintains Positive Outlook for Kuwait // Sharjah Government Announces Remote Work for Employees // Cogent Realty Advisors Launches Guide to Most Collaborative Office Space for AI and Tech Companies In Downtown NYC // VinFast Founder launches Global EV Charging Stations Company V-Green // Fidelity Eyes Staking Rewards with Updated Ethereum ETF Proposal // ViewQwest Commits to Responsible Innovation in Brand Refresh // Deceptive Doc Trick: Phishing Campaign Targets US Businesses with Remote Access Trojan // Gold Loses Shine as Investors Eye Interest Rate Decisions // HKSTP Unveils Top 74 Global Startups Confirmed for EPiC 2024 Grand Finale // China Steers Toward Electric Vehicle Leadership // Dubai Holding’s Consolidation Move Raises Questions About Property Market Stability // Beyond Bullets and Barrels: UAE imports finance 125,000 US jobs // CAA’s Implementation Just Before National Election Looks Purely Political // Lingnan launches LingnanVerse 2.0 BETA to attract top students from all over the world // Axe Management Partners Completes Purchase of Three Osaka Hotels from CapitaLand Ascott Trust // Stepping into History: Saudi Arabia Launches Virtual Realm for Cultural Exploration // Whisky Hammer celebrates landmark 100th auction – its largest to date featuring over 5,000 lots // Maldives Tourism Triumphs: Visitor Numbers Surpass 100,000 for Third Consecutive Month This Year //
HomeBiz TechMirai DNS Water Torture finance sector attack dominated Q1: Akamai

Mirai DNS Water Torture finance sector attack dominated Q1: Akamai

1495068814 mirai dns water torture attack akamai

mirai-dns-water-torture-attack-akamai.png

Mirai DNS Water Torture attack payload, with target domain names redacted

Mirai DNS Water Torture distributed denial of service (DDoS) attacks dominated the first quarter of 2017, a report from Akamai has found.

According to Akamai’s State of the Internet/security Q1 2017 report, Water Torture attacks using this DNS query vector were first observed on January 11, 2017, targeting several of the company’s customers in the financial services industry.

ADVERTISEMENT

The attack activity began with five consecutive days of attacks — when one of three DNS servers received 14 Mbps of attack traffic — followed by a four-day reprieve before concluding with a final attack on January 20, 2017.

Water Torture follows normal DNS recursion paths, Akamai explained, and as a result, the attacker cannot select a specific IP address at the target site.

“Although DNS query attacks are not as common as DNS reflection attacks, this DNS query flood can potentially cause more damage than current DNS reflection attacks,” Akamai wrote. “If a targeted DNS server is unprepared for a sustained flood of queries with high packet rates.”

The Mirai DNS query flood does not use reflection or spoofing techniques, nor does it allow attackers to specify a target IP, rather it accepts a domain name as the target for a DNS cache-busting flood.

A randomised 12-character alphanumeric subdomain is prepended to the target domain and the attacking bots send their queries to their locally-configured DNS servers, which are typically DNS servers at local ISPs.

According to Akamai, the randomised subdomain is present to ensure that no intermediate recursive DNS server would have the response for that name cached locally, but, since the response cannot be cached, every query follows the usual path until it reaches an authoritative DNS server, which is the real target of the attack.

As a result, Water Torture can lead to a denial of service for legitimate users as each query ties up memory and processor cycles, preventing the target from processing legitimate traffic.

“If our analysis of Q1 tells us anything, it’s that risks to the internet and to targeted industry sectors remain and continue to evolve,” said Martin McKeay, senior security advocate at Akamai.

“Use cases for botnets like Mirai have continued to advance and change, with attackers increasingly integrating Internet of Things vulnerabilities into the fabric of DDoS botnets and malware.”

According to McKeay, it is a short-sighted approach to think of Mirai as the only threat, as with the release of the source code, any aspect of Mirai could be incorporated into other botnets.

“Even without adding Mirai’s capabilities, there is evidence that botnet families like BillGates, elknot, and XOR have been mutating to take advantage of the changing landscape,” he added.

The report also found there was a 35 percent year-over-year increase in total web application attacks from Q1 2016, as well as a 57 percent increase in attacks originating from the United States — which is the top attack source country.

There was a 30 percent decrease in total DDoS attacks; a 28 percent decrease in infrastructure layer three and four attacks; a 19 percent decrease in reflection-based attacks; and an 89 percent decrease in attacks greater than 100 Gbps over quarter one last year.

Akamai compiled its latest report [PDF] from analysis and research based on data from its global infrastructure and routed DDoS solution.

(via PCMag)

ADVERTISEMENT

ADVERTISEMENT
Just in:
Credit Rating Agency Maintains Positive Outlook for Kuwait // Andertoons by Mark Anderson for Mon, 18 Mar 2024 // Maldives Tourism Triumphs: Visitor Numbers Surpass 100,000 for Third Consecutive Month This Year // Stepping into History: Saudi Arabia Launches Virtual Realm for Cultural Exploration // CAA’s Implementation Just Before National Election Looks Purely Political // Blue Cross Partners with AlipayHK on Easter Promotion Travel Smart 5-day Single-trip Cover for Only HK$1 // ViewQwest Commits to Responsible Innovation in Brand Refresh // Cracking Down on Exploitation: UAE Outlines Penalties for Organized Begging // 2024 China Corporate Payment Survey: Payment delays continued to shorten, but corporates increasingly cautious // Deceptive Doc Trick: Phishing Campaign Targets US Businesses with Remote Access Trojan // HKSTP Unveils Top 74 Global Startups Confirmed for EPiC 2024 Grand Finale // VinFast Founder launches Global EV Charging Stations Company V-Green // Beyond Bullets and Barrels: UAE imports finance 125,000 US jobs // National Push for Healthier Plates: Ministry Launches Campaign on Balanced Diets // China Steers Toward Electric Vehicle Leadership // Sharjah Government Announces Remote Work for Employees // Lingnan launches LingnanVerse 2.0 BETA to attract top students from all over the world // Axe Management Partners Completes Purchase of Three Osaka Hotels from CapitaLand Ascott Trust // 100 days of UAE’s COP28 presidency: Bouquets and brickbats // Cogent Realty Advisors Launches Guide to Most Collaborative Office Space for AI and Tech Companies In Downtown NYC //