When it comes to cybersecurity, staying a step ahead of bad actors plays a critical role in building robust defenses and effective responses to attacks. However, knowing how cyber criminals are structuring their attacks and choosing their targets can be a challenge, especially when you consider how often hackers are changing and altering their tactics.
To help you stay up to date on the latest emerging threats, Vercara’s Security Operations Center has compiled the threats and attacks detected by our three core solutions, UltraDDoS, UltraDNS, and UltraWAF, over the last month and provided an expert analysis of the data.
UltraDDoS.
DDoS attacks, while often swiftly mitigated, remain more prevalent than commonly perceived. In March 2024, Vercara’s UltraDDoS Protect detected and mitigated 6311 DDoS attacks, representing a 20.18% decrease from the previous month. However, the sheer volume underscored the persistent threat posed by DDoS attacks. The largest DDoS attack observed consisted of over 939.43 Gigabits per Second (Gbps) with over 283 million Packets per Second (Mpps).
On March 9th, there were 1346 DDoS attacks observed, an 813.29% increase from the daily average, primarily against a Communication Service provider. Vercara was able to mitigate all of these DDoS attacks with no degradation to the targeted customer or our larger customer base.
Carpet bombing DDoS attacks constituted 60% of all observed incidents in March, with varied durations and intensity. These attacks, intended to avoid detection by leveraging low-traffic attacks across the entirety of the network, reduce the likeliness of triggering threshold alerts and make mitigation more difficult by constantly changing several factors within the attack (source IP, destination IP, DDoS Vectors). On March 9th, one carpet bomb attack consisted of over 1250 waves of varying attack vectors and lasted approximately a little over three hours, underscoring the sophistication of modern DDoS attacks.
Attack vectors serve as crucial signatures for detecting and mitigating DDoS threats. In March 2024, IP Fragmentation emerged as the most prevalent vector, followed closely by DNS Amplification and UDP attacks. Notably, attacks often leverage multiple vectors simultaneously, complicating defense strategies.
Industries targeted by these attacks provide insights into the motives behind DDoS campaigns. Communication Service Providers bore the brunt of malicious traffic, accounting for 52.31% of attacks. Financial Services and eCommerce sectors followed, highlighting the diverse range of motivations driving DDoS actors.
UltraDNS.
In the complexity of the web of internet infrastructure, the Domain Name System (DNS) serves as a critical service, translating user-friendly domain names into machine-readable IP addresses. A meticulous examination of DNS statistics and trends from UltraDNS, a leading authoritative DNS managed service, unveils invaluable insights into internet usage, technological evolution, and the security landscape.
In March 2024, Vercara UltraDNS processed over 3.84 trillion authoritative DNS queries, an increase of 7.77% from the month prior, with an average of 123.89 billion authoritative queries per day.
DNS query types mirror the dynamic nature of internet addressing and domain resolution. During March 2024, the ”A” record, requesting DNS answers for IPv4 addresses, commanded over 55.28% of all queries, followed by” AAAA” records for IPv6 resource records at 19.29%. Notably, the surge in ”HTTPS” query types, consisting of 6.72% of all queries, underscores the embrace of the newer Resource Record type. Furthermore, insights into the ”NS” and ”PTR” queries shed light on delegation and reverse DNS lookups, accounting for 6.00% and 3.58%, respectively.
DNS response codes serve as a barometer for server health and protocol irregularities. The prevalence of “No Error” responses at 80.50% underscores the robustness of DNS query resolutions. Conversely, “NX Domain” responses at 19.94% hint at misconfigurations or potential DDoS activities. Noteworthy is the occurrence of “Refused” response at 0.55%, indicative of malformed queries or unauthorized access attempts. Similarly, “SERVFAIL” responses of 0.01% indicate that server-side errors are almost non-existent.
UltraWAF.
March 2024 witnessed a notable decrease of 10.94% in total web request traffic compared to the previous month. However, malicious traffic grew by 7.96% in that same time period.
Overall, Signature Match (identifying patterns of known attacks) emerged as the most prevalent attack category, constituting 65.60% of malicious traffic, followed by Field Consistency (checks against invalid form submissions) at 9.62% and Invalid RFC (violations of the HTTP RFC) at 8.99%.
Get the latest cybersecurity insights.
As bad actors around the world continue to evolve their techniques and tactics, our Security Operations Center team will continue to monitor, analyze, and report on these trends to help you better secure your online experience. For more information on the latest cybersecurity news and trends, visit our reports page, and to learn how Vercara’s suite of solutions can help defend your organization, contact our sales team.