Contact Contact Us

WEEKLY COMMENTS

A recent report on distributed-denial-of-service (DDoS) attack landscape reveals that there is a direct correlation between cryptojacking and DDoS attacks. Threat actors were observed to have diverted botnet resources for DDoS attacks as cryptomining became less lucrative due to falling cryptocurrency value. The report also indicated that DDoS attack volume dropped by 28% when compared to 2017 but the average peak traffic increased 204% to 42.8Gbps. The most targeted industries are Cloud services, gaming and e-commerce, with attacks taking place during the businesses' peak period to maximise the attack effect. China is ranked the top attack source but also received the most DDoS attacks in 2018. A recent DDoS incident, which abuses a HTML feature called hyperlink auditing (aka pings), supports the observations made in the report. During the incident, users who have clicked on a link spread via WeChat unknowingly become the attack vectors as the tainted website contains scripts that generate a HTTP ping request to the targeted websites every second. Some 4,000 IP addresses, mostly from China, generated about 70 million requests in four hours and causing denial of service. Users can defend against this DDoS attack by disabling the hyperlink auditing feature in the browser.

References:
[1] 2018 DDoS Attack Landscape (PDF)
[2] The Ping is the Thing: Popular HTML5 Feature Used to Trick Chinese Mobile Users into Joining Latest DDoS Attack

Ensign InfoSecurity Singapore
30A Kallang Place
#08-01
Singapore 339213

Tel: +65 6788 2882
Fax: +65 6788 3883