Vercara’s Attack Trend Analysis: April 2024 Insight Blog


When it comes to cybersecurity, staying a step ahead of bad actors plays a critical role in building defensive controls and effective responses to attacks. However, knowing how cybercriminals are structuring their attacks and choosing their targets can be a challenge, especially when you consider how often hackers alter their tactics. 

To help you stay current on the latest emerging threats, Vercara’s Security Operations Center (SOC) has compiled the threats and attacks detected by our three core solutions, UltraDDoS, UltraDNS, and UltraWAF, over the last month and provided an expert analysis of the data.  

UltraDDoS. 

In the digital realm, where connectivity is king, Distributed Denial-of-Service (DDoS) attacks reign as one of the most potent threats to organizations. April 2024 saw a total of 7,610 DDoS attacks, marking a 21% increase compared to the preceding month. Vercara successfully mitigated all observed DDoS attacks while keeping our customers operational and maintaining their online presence. 

Our SOC saw a significant spike in daily DDoS attacks by hacktivists fueled by the current geopolitical events in the Middle East. On April 12th, Vercara mitigated 1,494 DDoS attacks, an increase of 589% from the daily average. The attacks were primarily against a communication and infrastructure provider with customers representing multiple geographies and industries. Despite the high volume of attacks, Vercara was able to mitigate all observed DDoS attacks effectively. 


Malicious actors continue to utilize carpet bombing-style DDoS attacks to evade detection and make mitigation more difficult. By leveraging low-traffic attacks across the entire network and changing several factors within the attack (source IP, destination IP, DDoS vector), attackers can avoid triggering threshold alerts.  

In April, carpet bombing attacks accounted for 65% of all observed DDoS attacks. April 13th saw one carpet bomb DDoS attack that consisted of over 510 different waves that varied in attack vector and lasted approximately 48 minutes. Additionally, mega DDoS attacks, which consist of attacks over 100 Gbps, continued to grow month over month, with April seeing a 24% increase compared to March 2024.  
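As an added example (not Vercara's detection logic, which the blog does not describe), the sketch below shows why per-destination thresholds miss the carpet bombing pattern described above and how aggregating by covering prefix exposes it. The thresholds, the /24 aggregation and the flow tuple format are assumptions, and the sample flows are constructed.

```python
import ipaddress
from collections import defaultdict

# Assumed thresholds for illustration; real values come from baselining.
HOST_BPS_LIMIT = 500_000_000      # per-destination alert threshold (500 Mbps)
PREFIX_BPS_LIMIT = 2_000_000_000  # aggregate threshold per prefix (2 Gbps)
MIN_SPREAD = 0.5                  # fraction of the prefix's addresses hit


def analyze_interval(flows, prefix_len=24):
    """flows: (dst_ip, vector, bits_per_second) tuples for one interval.
    Returns (host_alerts, prefix_alerts): what a per-destination threshold
    sees versus what aggregation over the covering prefix sees."""
    per_host = defaultdict(int)
    per_prefix = defaultdict(lambda: {"bps": 0, "hosts": set(), "vectors": set()})
    for dst, vector, bps in flows:
        net = ipaddress.ip_network(f"{dst}/{prefix_len}", strict=False)
        per_host[dst] += bps
        agg = per_prefix[net]
        agg["bps"] += bps
        agg["hosts"].add(dst)
        agg["vectors"].add(vector)

    host_alerts = sorted(ip for ip, bps in per_host.items() if bps > HOST_BPS_LIMIT)
    prefix_alerts = []
    for net, agg in per_prefix.items():
        spread = len(agg["hosts"]) / net.num_addresses
        if agg["bps"] > PREFIX_BPS_LIMIT and spread >= MIN_SPREAD:
            prefix_alerts.append({
                "prefix": str(net), "bps": agg["bps"],
                "hosts_hit": len(agg["hosts"]), "vectors": sorted(agg["vectors"]),
            })
    return host_alerts, prefix_alerts


def constructed_sample():
    """Constructed data: 200 hosts in 203.0.113.0/24 each receive 15 Mbps with
    a rotating vector; one host in 198.51.100.0/24 receives ordinary traffic."""
    vectors = ["dns-amp", "ntp-amp", "syn-flood", "udp-frag"]
    flows = [(f"203.0.113.{i}", vectors[i % 4], 15_000_000) for i in range(1, 201)]
    flows.append(("198.51.100.10", "none", 40_000_000))
    return flows


if __name__ == "__main__":
    hosts, prefixes = analyze_interval(constructed_sample())
    print("per-host alerts:", hosts, "| per-prefix alerts:", prefixes)
```

No single destination crosses the per-host limit, yet the /24 as a whole carries 3 Gbps across four vectors, which is the signal the prefix-level view raises.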


UltraDNS. 

The Domain Name System (DNS) is the cornerstone of internet functionality, translating user-friendly domain names into machine-readable IP addresses. In April 2024, Vercara UltraDNS processed over 3.66 trillion DNS queries, with a daily average of 122.09 billion authoritative queries. 

 

The “A” record type, which requests DNS answers for IPv4 resources, continues to be the most requested record type, accounting for 54.26% of queries. The “AAAA” record type, which provides IPv6 resource information, was second with 19.14%. Coming in third was the “NS” (Name Server) record type with 6.76% of all DNS requests. The NS share suggests that resolvers are adopting newer DNS standards such as the Query Name (QNAME) Minimization technique outlined in Request for Comments (RFC) 9156, as well as implementing shorter Time-to-Live (TTL) values, which would require full recursion for future DNS queries.

Each query type, from the ubiquitous “A” record to the enigmatic “HTTPS” query, encapsulates the multifaceted demands of modern internet infrastructure, reflecting the dynamic interplay between technological innovation and operational exigencies. 

Figure: Top 10 Queried Record Types. % Change is the change compared to the prior month.

On April 25th, Vercara observed a DNS water torture attack against a major construction company. This attack resulted in an increase of 3,743% in NX Domain responses compared to their daily average. UltraDNS handled this significant DNS water torture attack easily with no degradation to the customer’s service.  

UltraWAF. 

Ensuring web applications are available and responding to client requests is paramount to a company’s success. April 2024 witnessed a dynamic interplay of threats and countermeasures within Vercara’s UltraWAF infrastructure. Despite a slight decrease in overall web requests, the specter of malicious intent loomed large, constituting over half of received traffic. During April 2024, UltraWAF received over 1.13 billion web requests. Of those 1.13 billion web requests, 53.53% were detected to be malicious in nature, with an additional 0.85% being bot traffic.  

 

During April 2024, the Signature Match threat category (identifying patterns of known attacks) was by far the most prevalent, accounting for 69% of all observed malicious traffic. The second most observed threat category for April was Invalid RFC Violations, with 10%, and Command Injections were third, with 9%. 

 

Get the latest cybersecurity insights. 

As bad actors around the world continue to evolve their techniques and tactics, our Security Operations Center team will continue to monitor, analyze, and report on these trends to help you better secure your online experience. 

For more information on the latest cybersecurity news and trends, visit our reports page. To learn how Vercara’s suite of solutions can help defend your organization, contact our sales team.

Published On: May 13, 2024
Last Updated: July 24, 2024