Virtual PBX Featured Article

DDoS Attacks Use Emerging Techniques; Telecom Industry Seeing Largest Attacks

August 12, 2022

By Greg Tavarez - Virtual PBX Editor

DDoS attacks, like many trends, are seasonal: there are periods when attacks are more frequent. In Q2 2022, Lumen Technologies mitigated a total of 4,572 attacks, a 26% decrease compared to Q1, which is traditionally a highly active period.

Of those attacks, Lumen mitigated a 1.06 Tbps DDoS attack that was part of a larger campaign targeting a single victim. This is one of the largest attacks the company has mitigated.

Lumen revealed the attack in its quarterly DDoS report for Q2 2022. The failed attack was part of a larger campaign in which the threat actor attempted to leverage multiple emerging techniques.

Attackers are fraudulently leveraging cloud-based services to significantly boost their attack capability. With this technique, cybercriminals mask their acquisition and control of cloud-based services through compromised hosts or anonymizing services. The attacker then abuses the cloud providers' resources to launch volumetric attacks against the intended victims.

"Cloud providers must be vigilant to ensure their services are not being abused," said Mark Dehus, director of threat intelligence for Black Lotus Labs, the threat research team at Lumen. "They should also have mitigation methodologies to limit the impact if a threat actor gains unauthorized or fraudulent access to resources."

Black Lotus Labs revealed the 1.06 Tbps attack was part of a larger campaign that lasted 12 minutes. While the size of the attack is very significant, it wasn’t nearly the longest-lasting attack Lumen mitigated, which lasted 21 days, eight hours.

The 1.06 Tbps attack began when the threat actor attempted to deploy a series of "hit-and-run" attacks. With this technique, victims are targeted with a series of consecutive attacks that are small in size and duration. Threat actors deploy these attacks to assess a potential victim's defenses and determine which attack methods will be successful.
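A defender-side illustration of the hit-and-run pattern described above, added here as an example and not taken from Lumen's report: it groups short, small mitigation events against one target into a probing series and notes whether a larger event followed closely. The event tuple layout, the sample data and all thresholds are assumptions.

```python
from collections import defaultdict

# Constructed sample mitigation events: (target, start_epoch_s, duration_s, peak_mbps).
EVENTS = [
    ("198.51.100.10", 1000, 60, 200),
    ("198.51.100.10", 1400, 45, 350),
    ("198.51.100.10", 1900, 90, 150),
    ("198.51.100.10", 2300, 720, 900000),  # large follow-up event, not a probe
    ("203.0.113.7", 1200, 30, 100),        # isolated short event
    ("203.0.113.7", 90000, 40, 120),       # too far apart to be consecutive
]

def find_probe_series(events, max_duration_s=300, max_peak_mbps=1000,
                      max_gap_s=900, min_count=3):
    """Return runs of at least min_count consecutive small, short events per target.

    Thresholds are illustrative assumptions; tune them to your own baseline.
    """
    by_target = defaultdict(list)
    for target, start, duration, peak in events:
        by_target[target].append((start, duration, peak))

    findings = []
    for target, evs in by_target.items():
        runs, run = [], []  # run holds (start, end) of each small event
        for start, duration, peak in sorted(evs):
            small = duration <= max_duration_s and peak <= max_peak_mbps
            gap_ok = bool(run) and start - run[-1][1] <= max_gap_s
            if not (small and gap_ok):
                # Close the current run; it "escalated" if a non-small event
                # arrived within max_gap_s of the last probe.
                runs.append((run, gap_ok and not small))
                run = []
            if small:
                run.append((start, start + duration))
        runs.append((run, False))
        for r, escalated in runs:
            if len(r) >= min_count:
                findings.append({"target": target, "count": len(r),
                                 "first_start": r[0][0], "last_end": r[-1][1],
                                 "escalated": escalated})
    return findings

if __name__ == "__main__":
    for finding in find_probe_series(EVENTS):
        print(finding)
```

A series flagged with `escalated` set is the case worth alerting on early, since the probes preceded a much larger event against the same target.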

In late 2021, researchers reported a rise in attacks targeting VoIP providers. In Q2 2022, one attack vector, Session Initiation Protocol (SIP), stood out in the data. Although the number of SIP attacks that Lumen mitigated was 1.84% of all mitigations, they represented a 315% increase over Q1 2022 and a 475% increase over Q3 2021. The telecom industry, though, accounted for the majority of the 500 largest attacks Lumen mitigated in Q2.

Attacking SIP is considered a more surgical approach to disrupting VoIP services compared to DDoS methods like TCP-SYN flooding and UDP-based amplification.

"Organizations of all types can be victimized by DDoS attacks," said Dehus. "Using the intelligence and visibility from the Lumen Platform, Black Lotus Labs can protect Lumen DDoS customers with better insights from the ever-growing list of threats to business-critical systems and data."

There are things that organizations cannot control with cybersecurity. They do, however, have control over how to respond to emerging attacks.

Edited by Erik Linask


