A10 Networks reveal the DDoS weapons and attack vendors which businesses face

A10 Networks tracked nearly six million DDoS weapons in Q4 2019. Here’s what they discovered about the threats targeting companies today.
A10 Networks, a provider of intelligent
and automated cybersecurity
solutions, has announced the release
of its research carried out into DDoS weapons
and attack vendors. The research revealed
that SNMP and SSDP remain the top sources
for DDoS attacks, but they tracked nearly
800,000 WS-Discovery sources for exposed
reflection amplification as well.
The report revealed 1,390,505 SNMP
weapons and 1,196,798 SSDP weapons
were tracked, while 781,147 WS-Discovery
weapons, 661,810 TFTP weapons and
389,956 DNS Resolver weapons were tracked.
DDoS-for-hire services and other attackers
continually scan for fresh TCP and UDP
services to exploit, while the top countries
hosting DDoS weapons align closely with
the top ASNs where they connect. The
top countries were China with 739,223
DDoS weapons, the USA with 448,169, the
Republic of Korea with 440,185, India with
268,864, Russia with 253,609 and Taiwan
with 199,656 DDoS weapons.
The research also revealed that China hosts
nearly a quarter of observed DDoS botnet
agents (24%), with Brazil next with 9%, Iran
with 6%, Taiwan with 4% and Thailand with
4%. Attacking drones are most often seen
in Brazil followed by Thailand, Hong Kong,
India and Russia.
Connected devices are expanding
exponentially and they offer fertile ground
for DDoS botnets. 5G will supercharge that
growth. The Mirai malware family leads the
pack so far.
With reflected amplification, attackers
exploit UDP-based protocols to launch the
largest DDoS attacks ever seen. The top
reflected amplification protocols were SNMP,
SSDP, WS-Discovery, TFTP and DNS Resolver.
The countries of origin for SNMP were USA,
Republic of Korea, India, Brazil and Japan,
while for SSDP the countries of origin were
China, Republic of Korea, Venezuela, Taiwan
Attackers are flocking to internet-exposed
IoT devices running the UDP-based
WS-Discovery protocol to launch amplified
reflection DDoS attacks.
But less than half of WS-Discovery attacks
respond on port 3702 – 54% use high ports.
A10 Networks say that sophisticated DDoS
threat intelligence, real-time threat detection
and automated signature extraction can
help protect organisations against even the
largest DDoS attacks.
28 INTELLIGENTCIO www.intelligentcio.com