Q3 DDoS report details attack trends, including the expanding base of CLDAP reflectors
With October’s focus on cybersecurity awareness, Lumen Technologies and its threat research team, Black Lotus Labs, released a pair of research reports including:
- New intelligence from Black Lotus Labs regarding the proliferation of Connectionless Lightweight Directory Access Protocol (CLDAP) reflectors – a known attack vector that is easily prevented with well-documented best practices.
- The Q3 2022 Distributed Denial of Service (DDoS) report, which provides the latest data and trends from the Lumen DDoS mitigation platform.
Marketing Technology News: SOCi Earns ISO 27001 Certification, Solidifies Platform Security to Protect Customer Information
CLDAP Research:
Background:
- CLDAP is an essential service in Microsoft environments. When improperly configured to expose the service to the internet, CLDAP can carry a bandwidth amplification factor of up to 70 times the volume of traffic sent. This makes it an enticing target for cybercriminals launching DDoS attacks.
- As soon as the CLDAP vulnerability was discovered in 2016, best practices for mitigating the threat were published; and yet, six years later, the number of exposed CLDAP reflectors is on the rise.
- Using Lumen’s global network visibility, Black Lotus Labs tracks CLDAP reflectors with a proprietary validator that registers distinct IPs that are open to reflection. This is a more precise assessment of the breadth of reflectors than has previously been available to the industry.
Notable findings:
- Black Lotus Labs discovered more than 12,000 CLDAP services are open to the internet – a 60% increase over the past year.
- One of the observed reflectors recently emitted 17 Gbps of traffic. At this level, just 100 CLDAP reflectors could be leveraged to wage an attack greater than 1 Tbps.
“It is alarming that CLDAP continues to be prolific and capable of generating large, impactful attacks – especially when we have well-documented best practices for prevention,” said Mark Dehus, director of threat intelligence for Lumen Black Lotus Labs. “Organizations running Active Directory should understand the risks of publicly exposing CLDAP, and we strongly recommend they restrict access to only the hosts and networks that need access.”
Lumen response
Black Lotus Labs is continuing to track and analyze vulnerable CLDAP reflectors and feed the intelligence into the Lumen Connected Security portfolio. The team is also expanding efforts to notify legitimate, third-party hosts of CLDAP reflection activity, and blocking long-lived CLDAP reflector traffic from traversing the Lumen global backbone.
Marketing Technology News: MarTech Interview with Laura Ritchey, EVP and COO at Radial
Notable findings from the Lumen Q3 2022 DDoS report:
- Lumen mitigated 5,547 attacks in Q3 – a 21% increase over Q2 – and the largest bandwidth attack scrubbed was 493 Gbps. This is nearly half the size of the largest mitigation in Q2 which, at 1.06 Tbps, was Lumen’s largest to date.
- Although Session Initiation Protocol (SIP) attacks only accounted for 3% of all mitigations, this attack vector – which targets VoIP infrastructure – remains of interest due to a dramatic upward trend over the past year. This quarter saw a 59% increase over Q2.
- The top five targeted industries were Telecommunications, Gaming, Software and Technology, Government and Finance.
- Of the 5,500+ attacks Lumen mitigated in Q3, nearly 40% targeted a single government customer. Despite the bombardment and a concentrated effort around July 4, the customer experienced no downtime.
“The combined research from Black Lotus Labs and the Lumen DDoS mitigation platform underscores an important reality for businesses today,” said Peter Brecl, director of security product management for Lumen. “Cyber criminals are always looking for new ways to achieve their goals, and attacks have become more complex. This means organizations need to consider a holistic security solution that includes DDoS mitigation to protect the availability of infrastructure and applications, Web Application and API Protection (WAAP) to protect against application-layer attacks, and bot management services to protect from malicious or unwanted bots. As organizations navigate through their digital transformation, this type of multi-layered approach is more important than ever.”
Marketing Technology News: Don’t Let Bad Data Sabotage Your Sales And Marketing Efforts
