Cybercriminals are on the lookout for new ways to amplify DDoS attacks

The fastest way to hurt a business is to physically stop its owners being able to provide the service that they want to offer customers. In the real world, this is difficult to do, short of sending a group of mean-looking individuals to stand outside a workplace, terrorizing potential customers and employees so that they cannot enter a particular premises. In the digital world, things are a bit easier — and the results are called a Distributed Denial of Service (DDoS) attack.

A DDoS attack is a mode of cyberattack in which attackers overwhelm a victim or target with massive amounts of fake traffic. This is an attempt to knock a server or network resource offline, thereby stopping it being available to legitimate users. While similar to a Denial of Service (DoS) attack — in which this flood of phony requests or data packets comes from one computer with a single internet connection — a DDoS attack is distributed across many computers in what is known as a botnet.

For those without the proper anti-DDoS protection, the results of a DDoS attack can be calamitous.

Attacks are getting worse

Some of the biggest DDoS attacks on record are almost mind-bogglingly massive. For example, in 2020, Amazon Web Services (AWS) was hit with a three-day attack which peaked at a bombardment of 2.3 terabytes of junk data sent every second. Potentially even more devastating was a 2017 attack on multiple Google IP addresses. That attack continued for six months and, at its apex, reached 2.5 terabytes per second.

Cyberattackers who traffic in DDoS attacks are constantly on the lookout for new ways to make attacks extra devastating to victims. This often involves searching for means by which they can amplify the size of a DDoS attack using underhanded methods.

For instance, in February 2021, researchers discovered that devices running Plex Media Server, a streaming and multimedia asset management tool for Windows, Mac, and Linux, could be abused to amplify DDoS attacks.

When devices running this app are connected to a network, they begin scanning for compatible devices using the Simple Service Discovery Protocol (SSDP). When this happens, they expose a protocol that can be exploited by attackers to amplify the web traffic they fire in the direction of DDoS targets. According to a report, approximately 27,000 Plex Media servers could theoretically be exploited in this way for DDoS abuse. Using the amplification vector, attacks can be amplified by a factor of around 4.68. That means turning an incoming packet of 52 bytes into 281 bytes, prior to sending it in the direction of the victim.
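
From the defender's side, reflected traffic stands out because the replies arrive at a host that never asked for them. The sketch below is an added example, not code from the researchers' report or from Plex; the flow records are constructed (using the 52-byte and 281-byte sizes quoted above), and the standard SSDP port 1900 and the min_sources threshold are assumptions made for illustration.

```python
from collections import defaultdict

SSDP_PORT = 1900  # standard SSDP UDP port; change for other reflected services

# Constructed UDP flow records (documentation IP ranges, not real traffic):
# (src_ip, src_port, dst_ip, dst_port, bytes)
FLOWS = [
    # Normal discovery: 10.0.0.5 asks a local device and gets an answer.
    ("10.0.0.5", 50000, "10.0.0.20", SSDP_PORT, 52),
    ("10.0.0.20", SSDP_PORT, "10.0.0.5", 50000, 281),
    # Reflection: replies reach 203.0.113.9, which never sent a request.
    ("198.51.100.1", SSDP_PORT, "203.0.113.9", 4444, 281),
    ("198.51.100.2", SSDP_PORT, "203.0.113.9", 4444, 281),
    ("198.51.100.3", SSDP_PORT, "203.0.113.9", 4444, 281),
    ("198.51.100.4", SSDP_PORT, "203.0.113.9", 4444, 281),
]


def find_reflection_targets(flows, service_port=SSDP_PORT, min_sources=3):
    """Return {dst_ip: (distinct_reflectors, unsolicited_bytes)}.

    A reply is unsolicited when the receiving host never sent a request to
    the replying host on service_port within the same set of flows.
    """
    requested = set()  # (client_ip, server_ip) pairs with a real request
    for src, _sport, dst, dport, _nbytes in flows:
        if dport == service_port:
            requested.add((src, dst))

    reflectors = defaultdict(set)
    volume = defaultdict(int)
    for src, sport, dst, _dport, nbytes in flows:
        if sport == service_port and (dst, src) not in requested:
            reflectors[dst].add(src)
            volume[dst] += nbytes

    # Many distinct sources answering one host is the reflection signature;
    # min_sources is a tunable threshold, assumed here for illustration.
    return {
        dst: (len(srcs), volume[dst])
        for dst, srcs in reflectors.items()
        if len(srcs) >= min_sources
    }


if __name__ == "__main__":
    for host, (count, nbytes) in find_reflection_targets(FLOWS).items():
        print(f"{host}: {nbytes} unsolicited bytes from {count} reflectors")
```

The same matching of replies against earlier requests is what lets a filter drop reflected packets while leaving genuine discovery traffic alone.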

A game of Whac-A-Mole

Plex rapidly responded to say that it was developing a software patch to add additional protection against this malicious use of its software. However, in the Whac-A-Mole game that is internet cybersecurity, once one potential exploit has been sealed up, malicious actors are already working hard to find the next vulnerability — or 10.

While a DDoS is taking place, employees cannot access necessary resources on their networks, and customers are unable to access services. In the event that the website or service in question is an eCommerce site, that means that no product purchasing can be carried out for the duration of the DDoS attack. 

Working out how much money a DDoS attack can cost a business is difficult, since each will vary, but companies may lose tens of thousands of dollars for every hour that a successful attack lasts. There may be other, less measurable costs as well, such as dented customer loyalty or, in competitive industries, lost competitive advantage.

How to defend against DDoS attacks

Defending against DDoS attacks, and employing the right anti-DDoS protection measures, is essential. Fortunately, there are steps that businesses and organizations can take to do this. 

One of the best ways to mitigate the potential damage and risk of DDoS is finding a hosting provider who can efficiently absorb the potentially enormous amount of bad traffic that may be directed your way in the event of an attack. 

The strategies for doing this can vary based on the type of DDoS attack — whether it’s a volume-based attack, protocol attack, or application layer attack, referring to three of the different ways in which attackers might launch such an assault.

You can also use DDoS protection tools designed to filter out malicious traffic, while still allowing genuine traffic to reach its planned destination.

Hackers and cyber attackers will remain on the lookout for targets they can successfully wage DDoS attacks against. Reasons can vary from business competition to ideology to, simply, a desire to cause chaos. They will also continue to hunt for vulnerabilities, such as the one involving Plex Media, that can be abused to increase the effects of DDoS attacks. 

Luckily, the tools exist to help businesses fight back. Choose wisely.
