Ars Technica reports that cybercriminals are adopting increasingly sophisticated methods to launch distributed denial-of-service (DDoS) attacks. Cloudflare researchers Omer Yoachimik and Jorge Pacheco, in the company's quarterly DDoS threat report, describe an alarming escalation in the complexity of these attacks. They note that even the most advanced attacks may last only a few minutes or even seconds, which leaves no time for a human to respond; mitigation has to be automated and already in place when the flood arrives.
DDoS attacks work by overwhelming a web server or other online property with more traffic than it can handle, so the service buckles and denies service to legitimate users. The report's central point is that attackers are now using new methods to conceal the malicious nature of the traffic and to deliver larger floods that can overwhelm targets even when DDoS mitigations are in place.
One of these methods is the HTTP DDoS attack, which uses the hypertext transfer protocol to flood websites and HTTP-based API gateways with enough requests to exhaust their computing resources. What has changed is that the requests increasingly mimic ordinary browser traffic and vary their attributes, so each request looks legitimate on its own and it becomes much harder to distinguish malicious from benign traffic.
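The following is an added example (not code from the Ars Technica or Cloudflare text) of why per-address rate limiting stops catching such floods and what can still catch them. It parses constructed combined-format access-log lines and applies two checks: a per-IP request limit, and a check for one request fingerprint (method, path, User-Agent) shared by many distinct addresses in the same window. The log lines, addresses, paths, window size and thresholds are all assumptions chosen for the illustration.

```python
"""Detecting an HTTP flood whose individual requests look benign.
Added example (not from the Ars Technica or Cloudflare text); the log format is the
common combined format, the sample lines are constructed and the thresholds are assumed."""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)
WINDOW_SECONDS = 10
PER_IP_LIMIT = 20   # requests from one address per window before it is flagged (assumed)
FP_MIN_IPS = 10     # a fingerprint shared by this many addresses ...
FP_MIN_REQS = 50    # ... and carrying this many requests per window is treated as a flood


def parse_line(line):
    """Parse one combined-format access log line; return None for unparseable lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return {"ip": m["ip"], "ts": ts, "method": m["method"],
            "path": m["path"], "ua": m["ua"]}


def detect(lines):
    """Return (addresses over the per-IP limit, fingerprints that look like a distributed
    flood). A fingerprint is (method, path, user-agent); windows are fixed-size buckets."""
    per_ip = defaultdict(int)                  # (window, ip) -> request count
    per_fp = defaultdict(lambda: [0, set()])   # (window, fingerprint) -> [count, ips]
    for e in filter(None, map(parse_line, lines)):
        window = int(e["ts"].timestamp()) // WINDOW_SECONDS
        per_ip[(window, e["ip"])] += 1
        fp = (e["method"], e["path"], e["ua"])
        per_fp[(window, fp)][0] += 1
        per_fp[(window, fp)][1].add(e["ip"])
    noisy_ips = {ip for (_, ip), n in per_ip.items() if n > PER_IP_LIMIT}
    flood_fps = {fp for (_, fp), (n, ips) in per_fp.items()
                 if n >= FP_MIN_REQS and len(ips) >= FP_MIN_IPS}
    return noisy_ips, flood_fps


def build_sample_log():
    """Constructed log: three ordinary visitors plus a flood spread over 40 addresses,
    each sending only two requests, all with one browser-like fingerprint."""
    base = datetime(2023, 10, 26, 12, 0, 0, tzinfo=timezone.utc)
    fmt = '{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 512 "-" "{ua}"'

    def stamp(t):
        return t.strftime("%d/%b/%Y:%H:%M:%S %z")

    lines = []
    visitors = [("198.51.100.10", "/", "Mozilla/5.0 (Windows NT 10.0; rv:118.0) Firefox/118.0"),
                ("198.51.100.11", "/pricing", "Mozilla/5.0 (Macintosh) Safari/605.1.15"),
                ("198.51.100.12", "/blog/post-1", "Mozilla/5.0 (X11; Linux x86_64) Chrome/117.0")]
    for i, (ip, path, ua) in enumerate(visitors):
        for j in range(3):
            lines.append(fmt.format(ip=ip, ts=stamp(base + timedelta(seconds=7 * i + 2 * j)),
                                    path=path, ua=ua))
    bot_ua = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/117.0.0.0 Safari/537.36"
    for k in range(40):
        for j in range(2):
            lines.append(fmt.format(ip=f"203.0.113.{k + 1}",
                                    ts=stamp(base + timedelta(seconds=(k + j) % 10)),
                                    path="/api/search?q=a", ua=bot_ua))
    return lines


if __name__ == "__main__":
    noisy, floods = detect(build_sample_log())
    print("addresses over per-IP limit:", noisy or "none")
    for method, path, ua in floods:
        print(f"distributed flood: {method} {path} with User-Agent {ua!r}")
```

On the constructed input no single address exceeds the per-IP limit, so a rate limiter keyed on source address sees nothing; only the aggregate view, eighty requests for the same expensive endpoint with an identical User-Agent from forty addresses inside ten seconds, exposes the flood. Attackers who also randomize the User-Agent and path defeat this particular fingerprint too, which is the difficulty the report describes.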
Another method on the rise is the exploitation of servers running unpatched software for the Mitel MiCollab and MiVoice Business Express collaboration systems. A vulnerability tracked as CVE-2022-26143 stems from an unauthenticated UDP port that the unpatched software exposes to the public Internet. Because the service answers unauthenticated requests, attackers can use exposed systems as reflection and amplification sources for traffic aimed at a victim; applying the vendor patch and keeping the port off the public Internet removes the system from the attacker's pool.
DNS Laundering attacks were the third DDoS technique in vogue last quarter. By flooding a target's DNS infrastructure with more lookup requests than it has the resources to handle, attackers have long been able to make targeted services unavailable. Laundering refines this: the attacker requests randomly generated subdomains of the target's zone through recursive resolvers, so the target's authoritative nameservers receive a stream of lookups for names that do not exist, arriving from legitimate resolvers that cannot simply be blocked.
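The following is an added example (not code from the page or from Cloudflare) of what a laundering flood looks like from the authoritative side and how to spot it. It runs over constructed query-log lines in an assumed format, "source_ip qname qtype rcode", and scores each zone by the share of never-before-seen leftmost labels, the share of NXDOMAIN answers and the mean Shannon entropy of those labels. The zone split, resolver addresses, label generator and thresholds are all assumptions chosen for the illustration.

```python
"""Spotting a DNS laundering flood at the authoritative server.
Added example, not from the page or from Cloudflare; the log format
"<source_ip> <qname> <qtype> <rcode>", the zone split and all thresholds are assumptions."""
import math
import random
from collections import Counter, defaultdict

MIN_QUERIES = 100         # ignore zones with too little traffic to judge (assumed)
MIN_UNIQUE_SHARE = 0.8    # share of queries whose leftmost label was never seen before
MIN_NXDOMAIN_SHARE = 0.8  # share of queries answered NXDOMAIN
MIN_LABEL_ENTROPY = 2.5   # mean Shannon entropy (bits per character) of the leftmost label

# Constructed ordinary traffic: a handful of real names, asked repeatedly by two resolvers.
NORMAL_LOG = [
    "192.0.2.53 www.example.com A NOERROR",
    "192.0.2.53 mail.example.com A NOERROR",
    "198.51.100.53 www.example.com AAAA NOERROR",
    "198.51.100.53 api.example.com A NOERROR",
    "192.0.2.53 www.example.com A NOERROR",
    "198.51.100.53 blog.example.com A NOERROR",
    "192.0.2.53 api.example.com A NOERROR",
    "198.51.100.53 www.example.com A NOERROR",
    "192.0.2.53 mail.example.com A NOERROR",
    "198.51.100.53 blog.example.com AAAA NOERROR",
    "192.0.2.53 www.example.com A NOERROR",
    "198.51.100.53 api.example.com A NOERROR",
]


def build_flood_log(n=200):
    """Constructed laundering flood: random labels under the victim zone, relayed by
    eight different public resolvers. Seeded so the output is reproducible."""
    rng = random.Random(2023)
    alphabet = "abcdefghijklmnopqrstuvwxyz0123456789"
    resolvers = [f"203.0.113.{i}" for i in range(1, 9)]
    lines = []
    for i in range(n):
        label = "".join(rng.choices(alphabet, k=12))
        lines.append(f"{resolvers[i % len(resolvers)]} {label}.example.com A NXDOMAIN")
    return lines


def shannon_entropy(s):
    """Shannon entropy of a string in bits per character."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())


def analyze(lines):
    """Per zone: query count, NXDOMAIN count, share of unique leftmost labels, NXDOMAIN
    share, mean label entropy, the resolvers involved, and a laundering verdict."""
    stats = defaultdict(lambda: {"queries": 0, "nxdomain": 0, "labels": set(),
                                 "entropy_sum": 0.0, "sources": set()})
    for line in lines:
        src, qname, _qtype, rcode = line.split()
        labels = qname.rstrip(".").split(".")
        if len(labels) < 3:
            continue  # apex queries carry no attacker-chosen label; skipped here (assumption)
        zone, leftmost = ".".join(labels[-2:]), labels[0]
        s = stats[zone]
        s["queries"] += 1
        if rcode == "NXDOMAIN":
            s["nxdomain"] += 1
        s["labels"].add(leftmost)
        s["sources"].add(src)
        s["entropy_sum"] += shannon_entropy(leftmost)
    report = {}
    for zone, s in stats.items():
        q = s["queries"]
        r = {
            "queries": q,
            "nxdomain": s["nxdomain"],
            "unique_share": len(s["labels"]) / q,
            "nxdomain_share": s["nxdomain"] / q,
            "mean_entropy": s["entropy_sum"] / q,
            "sources": sorted(s["sources"]),
        }
        r["suspicious"] = bool(q >= MIN_QUERIES
                               and r["unique_share"] >= MIN_UNIQUE_SHARE
                               and r["nxdomain_share"] >= MIN_NXDOMAIN_SHARE
                               and r["mean_entropy"] >= MIN_LABEL_ENTROPY)
        report[zone] = r
    return report


if __name__ == "__main__":
    for zone, r in analyze(NORMAL_LOG + build_flood_log()).items():
        print(zone, "suspicious" if r["suspicious"] else "normal",
              f"unique={r['unique_share']:.2f} nxdomain={r['nxdomain_share']:.2f} "
              f"entropy={r['mean_entropy']:.2f} resolvers={len(r['sources'])}")
```

The verdict deliberately keys on the query pattern rather than on the sources: the addresses in the report are real recursive resolvers carrying traffic for real users, so the appropriate response is to rate-limit or drop queries matching the random-label pattern (or to apply response rate limiting per resolver), not to blacklist the resolvers.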
Lastly, the researchers identified the use of virtual-machine botnets. Rather than relying on infected routers and other Internet-connected devices, attackers build botnets from VMs or virtual private servers. The computational and bandwidth resources of these botnets dwarf those of traditional device-based botnets, which is what lets attackers deliver the "hyper-volumetric" DDoSes the report describes.