With cyberthreats increasing in size and scope, businesses are scrambling to find new ways to protect their financial and human capital assets. Many enterprise solutions offer endpoint protection and network security, but the SMB sector doesn’t have the budget to deploy enterprise security solutions and typically lacks the in-house expertise to keep their networks and users adequately protected. In particular, as employees bring mobile devices onto corporate networks, and with new attack variants being introduced almost daily, small and mid-sized businesses have no way of keeping up. This is where communications service providers (CSPs) can step in to provide a broad layer of protection, visibility, and control from within their own networks.
One of the biggest cyberthreats making the rounds on the internet is the Mirai botnet. Mirai targets connected Internet of Things (IoT) devices, using each infected device to launch DDoS attacks and cause website outages around the globe by flooding them with queries. Recent Mirai-generated web outages include the Dyn attack, which took down or significantly slowed sites like Airbnb, Twitter, the New York Times, CNN, Fox News, Netflix and many other popular domains in late October of this year, and the attack that temporarily took down security expert Brian Krebs’ KrebsOnSecurity website in September.
Nominum’s inaugural security report published by its Data Science team, Data Revelations: Fall 2016, includes an analysis of some of the largest threats that are impacting organizations and individuals, including ransomware, DDoS, mobile malware, IoT-based attacks and more. Since DNS is the launch point for over 90% of cyberattacks, it offers a great vantage point from which to examine, understand, thwart and proactively prevent threats. With industry-leading research experience, and by applying machine learning, artificial intelligence, natural language processing, neural networks and more, Nominum Data Science is able to locate, analyze, prevent and predict some of the most sophisticated and dangerous cyberthreats ever to hit the internet.
Nominum Data Science just released a new Data Science and Security report that investigates the largest threats affecting organizations and individuals, including ransomware, DDoS, mobile device malware, IoT-based attacks and more. Below is an excerpt.
This story has been told thousands of times before – a botnet is born, a botnet goes down, a botnet tries to get its bots back together. But the story of Necurs is unique.
Nominum Data Science detected a huge wave of malicious DNS queries rolling across the Internet on Dec 14 and 15, 2015, adding to the stress service providers already have around the holidays. Since it’s one of the peak buying seasons on the Internet, most networks are locked down and operations teams are on alert. Unfortunately, many were probably not expecting a huge surge in DNS DDoS, as it has been fairly consistent the past few months. ThreatAvert customers were protected, but many other networks likely experienced adverse impact – substantial slowdowns or even outages for servers that saw high volumes of queries.
2014 saw numerous huge spikes in DDoS traffic – some as large as 5 billion queries per day across Nominum's worldwide data set, which covers around 3% of overall ISP DNS traffic. Extrapolating, this meant more than 150 billion unwanted queries across the Internet on the peak days.
DNS DDoS continues on the trend line established in 2014 – with tens of billions of malicious queries Internet-wide every day. Many of the domains attacked are lightly trafficked, but popular (Alexa 5000) domains are commonly targeted. For example, alternative news sites, a university, and ecommerce sites have been attacked in the past couple of months. Attacks on popular domains require extra care when mitigating to avoid blocking legitimate queries.