Fearsome new DDoS attacks can amplify the impact up to 35 times, says Darkscope

Two new DDoS attack vectors target IT infrastructure, not the homepage

Cyber security firm Darkscope is trying to fill in the blanks on the massive denial of service attack on New Zealand's stock exchange (NZX) over the past few days.

Distributed denial of service attacks, with ransom demands, are occurring more frequently, lasting longer and are more complex than in the past, the Wellington-based company said.

They include new attack vectors which can defeat existing defensive systems typically deployed to reroute and stop them.

Attacks credited to the Russian cyber espionage group "Fancy Bear" demanded a bitcoin ransom prior to the attack being launched, a ransom that increased daily.

The attackers typically initiated a small half-hour attack ranging from 40 to 60 Gbit/s, on a specifically chosen IP address belonging to the victim’s network.

"One main difference with these attacks is that they are not aimed at the organisation’s homepage, but target areas in the corporate IT infrastructure which are often inadequately protected," Darkscope said.

"These include original IP addresses and internal servers. Because of this targeting, companies can be defenceless against the attacks even if they have implemented DDoS protection, as we have seen with NZX."

Attacks have since spread to target media organisations, TSB Bank and MetService, which has gone offline intermittently with users being redirected to a backup site delivering safety-critical information.

The attackers are using at least eight vectors to launch DDoS attacks and amplify the disruption, including two relatively new ones, Web Service Dynamic Discovery (WSD) and Apple's Remote Management Service (ARMS). 

WSD has only been known as a DDoS attack vector since the beginning of 2019. Its effect was not widely understood until the third quarter of 2019, when details emerged that attackers had added the new vector to their toolkit.

When implemented, the two vectors can amplify the intensity of the attack up to 35 times.

Other vectors include Simple Service Discovery Protocol (SSDP), Network Time Protocol (NTP), Domain Name System (DNS), Connection-less Lightweight Directory Access Protocol (CLDAP), SYN and Internet Control Message Protocol (ICMP).
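For defenders, the eight vectors listed above can be told apart in flow records, since reflected UDP replies arrive from the abused service's port. The following is an added example, not code from Darkscope or the article: the flow-record fields, the function names, the three-vector threshold and the sample data are assumptions, and the port numbers are the protocols' standard ports rather than values given in the article.

```python
from collections import defaultdict

# UDP service ports of the reflection vectors the article names. The port
# numbers are the protocols' standard ports, not values from the article.
REFLECTOR_PORTS = {3702: "WSD", 3283: "ARMS", 1900: "SSDP",
                   123: "NTP", 53: "DNS", 389: "CLDAP"}

def classify(flow):
    """Label one inbound flow with an attack vector, or return None."""
    if flow["proto"] == "udp":
        # Reflected replies arrive *from* the abused service's port.
        return REFLECTOR_PORTS.get(flow.get("sport"))
    if flow["proto"] == "tcp" and flow.get("flags") == "S":
        return "SYN"   # bare SYN, no ACK
    if flow["proto"] == "icmp":
        return "ICMP"
    return None

def multi_vector_targets(flows, min_vectors=3):
    """Bytes per vector for each destination hit by >= min_vectors vectors.

    A single vector alone (e.g. DNS replies to a resolver's own queries) is
    normal traffic, so only simultaneous vectors on one address are reported.
    The threshold of 3 is an assumed tuning value.
    """
    per_dst = defaultdict(lambda: defaultdict(int))
    for flow in flows:
        label = classify(flow)
        if label:
            per_dst[flow["dst"]][label] += flow["bytes"]
    return {dst: dict(v) for dst, v in per_dst.items() if len(v) >= min_vectors}

# Constructed sample flows (documentation address ranges), not capture data.
SAMPLE_FLOWS = [
    {"proto": "udp", "sport": 3702, "dst": "203.0.113.10", "bytes": 1400},
    {"proto": "udp", "sport": 3283, "dst": "203.0.113.10", "bytes": 1000},
    {"proto": "udp", "sport": 389, "dst": "203.0.113.10", "bytes": 1500},
    {"proto": "udp", "sport": 3702, "dst": "203.0.113.10", "bytes": 1400},
    {"proto": "tcp", "sport": 51512, "flags": "S", "dst": "203.0.113.10", "bytes": 60},
    {"proto": "udp", "sport": 53, "dst": "203.0.113.20", "bytes": 120},
    {"proto": "tcp", "sport": 443, "flags": "PA", "dst": "203.0.113.20", "bytes": 900},
]

if __name__ == "__main__":
    for dst, vectors in multi_vector_targets(SAMPLE_FLOWS).items():
        print(dst, vectors)
```

Because the attacks described here target individual origin IP addresses rather than the homepage, grouping by destination address is what exposes which internal host is being hit.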

"When all eight vectors are deployed together, the attack is very difficult to stop even with the best defensive systems, as we have seen with the attacks on the NZX," Darkscope said.

It was unclear whether the attacks on the NZX, Stuff and Radio NZ sites were from Fancy Bear, the company said. 

"In fact, it is unlikely as these attacks do not match Fancy Bear's typical behaviour. To date, the attacked organisations and the GCSB are silent on whether ransoms have been demanded or paid."

The NZX succumbed to the attacks again today, but for a much shorter period than previously, before recovering.

Darkscope said its experience through daily monitoring of millions of internet sites and dark web activity was that these types of attack were often geographically clustered.

"We see similar attacks occurring and recurring in one country before moving to the next. What is clear is that this new form of attack is being targeted at New Zealand organisations and we should expect this to continue for some time to come."
