New Network Protocols Abused To Launch Large-Scale Distributed Denial of Service (DDoS) Attacks

The Federal Bureau of Investigation issued an alert just the previous week cautioning about the discovery of new network protocols that have been exploited to launch large-scale distributed denial of service (DDoS) attacks. 

The alert records three network protocols and a web application as newfound DDoS attack vectors.  

The list incorporates CoAP (Constrained Application Protocol), WS-DD (Web Services Dynamic Discovery), ARMS (Apple Remote Management Service), and the Jenkins web-based automation software. 

Three of the four (CoAP, WS-DD, ARMS) have just been exploited in reality to launch monstrous DDoS attacks, the FBI said dependent on ZDNet’s previous reporting. 

In December 2018, cyber actors began exploiting the multicast and command transmission features of the Constrained Application Protocol (CoAP) to lead DDoS reflection and amplification assaults, bringing about an enhancement factor of 34, as indicated by open-source reporting. 

In May and August 2019, cyber actors abused the Web Services Dynamic Discovery (WS-DD) convention to launch more than 130 DDoS attacks, with some reaching sizes of more than 350 Gigabits for every second (Gbps), in two separate influxes of attack, as indicated by open-source reporting. 

In October 2019, cyber actors abused the Apple Remote Management Service (ARMS), a part of the Apple Remote Desktop (ARD) feature, to lead DDoS amplification attacks, according to open-source reporting. 

In February 2020, UK security researchers identified a vulnerability in the inherent network discovery protocols of Jenkins servers-free, open-source, automation workers used to help the software development process that cyber actors could exploit to conduct DDoS amplification attacks – as indicated by open-source reporting. 

FBI officials believe that these new DDoS threats will keep on being exploited further to cause downtime and damages for the ‘foreseeable future’. 

The reason for the alert is to warn US companies about the ‘imminent danger’, so they can put resources into DDoS mitigation systems and create partnerships with their internet service providers to quickly respond to any attacks utilizing these new vectors. 

As of now, these four new DDoS attack vectors have been utilized inconsistently, however, industry specialists anticipate that them to become widely abused by DDoS-for-hire services.