CAMBRIDGE, Mass., April 12, 2017 /PRNewswire/ -- Akamai
Technologies, Inc. (NASDAQ: AKAM), the global leader in content
delivery network (CDN) services, today published new research from
the company's Security Intelligence Response Team (SIRT). Akamai
researchers Jose Arteaga and
Wilber Majia have identified a new
Connection-less Lightweight Directory Access Protocol (CLDAP)
reflection and amplification method. Akamai SIRT has observed this
attack vector producing Distributed Denial of Service (DDoS)
attacks consistently exceeding 1 Gbps, comparable to Domain Name
System (DNS) reflection attacks. A full report detailing the SIRT
findings is available for download at
http://akamai.me/CLDAPAdvisory.
Overview
Unlike other reflection-based vectors, where
compromised hosts may number in the millions, the observed CLDAP
amplification factor has been able to produce significant attack
bandwidth with significantly fewer hosts.
Since October 2016, Akamai has
detected and mitigated a total of 50 CLDAP reflection attacks, 33
of which were single vector attacks using CLDAP reflection
exclusively. A 24 Gbps attack mitigated by Akamai on January 7, 2017 is currently the largest DDoS
attack using CLDAP reflection as the sole vector observed by the
SIRT. The average bandwidth for CLDAP attacks has been 3 Gbps.
While gaming is typically the most targeted industry for DDoS
attacks, observed CLDAP attacks have primarily targeted the
software and technology industry. Other industries targeted include
Internet and telecom, media and entertainment, education, retail
and consumer goods, and financial services.
The largest concentration of unique CLDAP reflectors observed in
attacks were located within the United States.
Mitigation
Like many other reflection and
amplification attack vectors, CLDAP attacks would not be possible
if organizations had proper ingress filtering in place. Potential
hosts are discovered using Internet scans and filtering User
Datagram Protocol (UDP) destination port 389.
Akamai observed a total of 7,629 unique CLDAP attack reflectors
based on sources collected during actual CLDAP reflection attacks.
The usable pool of CLDAP reflectors is larger than this number,
however, as revealed by Internet scanning. Unless there is a
legitimate need for an organization to have CLDAP available over
the Internet, there should be no reason to compound the DDoS
reflection problem by exposing this protocol. Once a server is
identified as a viable source for a CLDAP reflection attack, Akamai
adds it to a list of known reflectors to prevent subsequent abuse
of this service.
"More than 50 percent of all attacks are consistently comprised
of UDP-based reflection attacks," explained Jose Arteaga, Security Intelligence Response
Team, Akamai. "Based on similarities shared with UDP reflection
attack scripts, CLDAP has likely been included, or will be
included, into a full attack script, and integrated into the
booter/stresser infrastructure. If it has yet to be included, we
may not have seen the worst of these attacks."
Akamai continues to monitor and analyze data related to this
ongoing threat. To learn more, please download a complimentary copy
of the research at http://akamai.me/CLDAPAdvisory.
About Akamai
As the global leader in Content Delivery
Network (CDN) services, Akamai makes the Internet fast, reliable
and secure for its customers. The company's advanced web
performance, mobile performance, cloud security and media delivery
solutions are revolutionizing how businesses optimize consumer,
enterprise and entertainment experiences for any device, anywhere.
To learn how Akamai solutions and its team of Internet experts are
helping businesses move faster forward, please visit www.akamai.com
or blogs.akamai.com, and follow @Akamai on Twitter.
Contacts:
|
|
Rob Morton
|
Tom Barth
|
Media
Relations
|
Investor
Relations
|
617-444-3641
|
617-274-7130
|
rmorton@akamai.com
|
tbarth@akamai.com
|
To view the original version on PR Newswire,
visit:http://www.prnewswire.com/news-releases/akamai-security-intelligence-response-team-identifies-new-reflection-attack-method-300438428.html
SOURCE Akamai Technologies, Inc.