Public cloud services used to boost DDoS attacks
Hackers are increasingly abusing public cloud services in order to launch DDoS attacks, according to new research.
The study from anti-DDoS company Link11 shows that a quarter of all DDoS attacks in Europe in the 12 months from July 2017 to June 2018 used public cloud server-based botnets, compared to 18.5 percent in the previous 12 months.
Microsoft Azure was the cloud service most exploited for DDoS attacks over this period, with 38.7 percent of such attacks using Azure servers on average. Amazon Web Services (AWS) was used in 32.7 percent of attacks, and Alibaba servers were used in 17.9 percent. Google servers were abused much less often, used in only 10.7 percent of attacks.
Aatish Pattni, Regional Director UK and Ireland for Link11, says:
The people behind DDoS attacks are embracing the use of public cloud services for the same reasons as legitimate organizations: the services provide flexible, on-demand capacity and resources, and can be provisioned in just a few minutes.
For threat actors, the benefits are even more compelling because they will often use stolen credit card details and false identities to pay for the services. This makes the perpetrators almost impossible to trace, even though providers such as Amazon are taking strong action against misuse, and asking users to report any suspected abuse of their services.
According to Link11, public cloud server-based botnets are the ideal platform for launching DDoS attacks. Cloud instances generally offer bandwidth of between 1 and 10 Gbps, enabling attack volumes that can be as much as 1,000 times higher than is possible with individual compromised devices such as home routers or IoT cameras.
Because organizations often rely on public cloud services themselves, blocking these services is not an option. To protect themselves, businesses need to analyze in detail the communication between public cloud services and their own network, and monitor it for malicious or unwanted traffic. This can be done effectively using machine-learning techniques, which enable legitimate traffic to be profiled and fingerprinted.
You can find out more on the Link11 website.