There are over 24 million home routers that have open DNS proxies. Because of these devices, Internet service providers (ISPs) are vulnerable to DNS amplification distributed denial-of-service (DDOS) attacks, experts warn.
Researchers from telecom analytics, security and DNS network services company Nominum have found that over 5.3 million of these vulnerable routers have been used to generate attack traffic in February 2014. In one attack that took place in January 2014, over 70% of a provider’s DNS traffic was associated with DNS amplification.
“Existing in-place DDoS defenses do not work against today’s amplification attacks, which can be launched by any criminal who wants to achieve maximum damage with minimum effort,” explained Sanjay Kapoor, CMO and SVP of strategy at Nominum.
“Even if ISPs employ best practices to protect their networks, they can still become victims, thanks to the inherent vulnerability in open DNS proxies,” Kapoor added.
“ISPs today need more effective protections built-in to DNS servers. Modern DNS servers can precisely target attack traffic without impacting any legitimate DNS traffic. ThreatAvert combined with ‘best in class’ GIX portfolio overcomes gaps in DDoS defenses, enabling ISPs to constantly adapt as attackers change their exploits, and precision policies surgically remove malicious traffic.”
DNS amplification attacks are still the most popular among cybercriminals. One of the reasons is because they’re easy to launch. In the case of home routers, they’re being abused for such attacks because they make it difficult for the ISP to determine the target.
ISPs whose networks are abused for DNS amplification attacks have their bandwidth saturated due to the malicious traffic. In addition, intermittent service disruptions caused by the cybercriminal operations can lead to a spike in support calls, which can have a negative financial impact on the company.
Revenue is also impacted because ISPs have to increase expenses to prevent customers from leaving due to poor online experience. Finally, a provider’s reputation can also be impacted by such cyberattacks.
To help ISPs combat these threats, Nominum has launched a solution called Vantio ThreatAvert, which enables them to proactively protect their networks. The product is powered by Nominum’s Global Intelligence Xchange (GIX), a constantly updated database that contains a list of malicious DNS amplification domains.
Vantio ThreatAvert also leverages Precision Policies, which enables companies to precisely identify and neutralize malicious traffic.
The intensity of DDOS attacks continues to increase. Over the past months, in addition to DNS amplification attacks, experts have also spotted some significant operations relying on vulnerable Network Time Protocol (NTP) servers.