A10 Networks’ recently released State of DDoS Weapons Report provides unique insights into Distributed Denial of Service (DDoS) attack techniques by tracking and taking inventory of the millions of DDoS weapons in the wild that can be exploited to launch attacks. The threat intelligence derived from our research is an invaluable resource that helps A10 Networks and our customers proactively strengthen their defences.
Why inventory DDoS weapons? Well, while you probably won’t know when your organization might be attacked, why, or who might instigate it, you can have advance notice of where an attack might come from. That’s because the first “D” in DDoS is “Distributed.” Unlike stealthy, obfuscated intrusions, distributed weapon attacks are noisy and commonly observed. The attack weapons are composed of malware-infected DDoS-for-hire botnets and exposed servers whose vulnerabilities are exploited to reflect and amplify an attack.
Knowing how to defend against both known and previously unseen attacks is important. But equally important is to know where the attacker’s weapons are actually located. To that end, A10 Networks and our partner DDoS threat researchers analyse forensic data, tap networks, track bot-herder activities, and scan the Internet for weapon signatures. We then create an up-to-date threat inventory that includes millions of IP addresses behind the DDoS weapons. This weaponry roadmap enables defenders to take a proactive stance against attackers by focusing on the location of DDoS weapons and the BGP Autonomous System Number (ASN) that hosts them upstream on the Internet.
Actionable intelligence is made available by leveraging a weaponry inventory and dynamically applying it to create blacklists with millions of entries listing the suspect IPs. This methodology is very effective because it doesn’t matter what kind of attack is sourced from the weapon: if you know in advance, based on its location, that the weapon has a track record for launching attacks, policies can be developed to proactively block it. The proactive actions thus enabled are especially effective for DDoS defence.
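An added example, not from A10 Networks or the report, of the methodology described above: an inventory of weapon IPs is collapsed into a prefix blacklist (called a blocklist in the code), and incoming sources are checked against it regardless of attack type. The inventory rows, flows, field layout and function names are constructed for illustration, and the lookup handles IPv4 only.

```python
import ipaddress
from collections import Counter

# Constructed sample inventory: (weapon IP, weapon type, hosting ASN).
# IPs and ASNs come from ranges reserved for documentation.
INVENTORY = [
    ("192.0.2.8", "dns-resolver", 64500),
    ("192.0.2.9", "dns-resolver", 64500),
    ("192.0.2.10", "botnet", 64500),
    ("192.0.2.11", "botnet", 64500),
    ("198.51.100.77", "botnet", 64501),
    ("203.0.113.5", "dns-resolver", 64502),
]

def build_blocklist(inventory):
    """Collapse individual weapon IPs into the fewest covering IPv4 prefixes."""
    hosts = [ipaddress.ip_network(ip) for ip, _, _ in inventory]
    return list(ipaddress.collapse_addresses(hosts))

def build_index(blocklist):
    """Group network addresses by prefix length: one set lookup per length."""
    index = {}
    for net in blocklist:
        index.setdefault(net.prefixlen, set()).add(int(net.network_address))
    return index

def is_blocked(src_ip, index):
    """Check a source IP against the index; the attack type is never consulted."""
    addr = int(ipaddress.ip_address(src_ip))
    for plen, nets in index.items():
        mask = (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF
        if (addr & mask) in nets:
            return True
    return False

def weapons_per_asn(inventory):
    """Count tracked weapons per hosting ASN to show where they concentrate."""
    return Counter(asn for _, _, asn in inventory)

if __name__ == "__main__":
    index = build_index(build_blocklist(INVENTORY))
    # Constructed flows: (source IP, service). Only the source decides the verdict.
    flows = [("192.0.2.10", "udp/53"), ("192.0.2.12", "tcp/443"),
             ("198.51.100.77", "tcp/80"), ("203.0.113.6", "udp/123")]
    for src, svc in flows:
        print(src, svc, "DROP" if is_blocked(src, index) else "ALLOW")
    print(weapons_per_asn(INVENTORY).most_common())
```

Indexing by prefix length keeps each lookup to at most 33 set probes, which is what makes a list with millions of entries practical to apply per packet or per flow.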
Key DDoS Weapon Observations 2018
- 22,811,159: DDoS weapons tracked by A10 Networks
- 5,116,043: Open DNS resolvers armed and ready to join DNS reflected amplification attacks
- China, USA, Italy: Top three countries hosting DDoS weapons
- 467,040: DDoS weapons hosted in public clouds
- USA, Italy, UK: Top three countries hosting IoT malware droppers