Cybersecurity News in Asia

Features
- Featured
  
  AI adoption in India: A balancing act worth chatting about
  
  Thursday, April 25, 2024, 2:53 PM Asia/Singapore | Features, Newsletter
- Featured
  
  AI vulnerability testing: Knowing the In’s and Out’s of proper red teaming
  
  Monday, April 22, 2024, 4:40 PM Asia/Singapore | Case Study, Features
- Featured
  
  What businesses need to know about SEO poisoning
  
  Tuesday, April 16, 2024, 4:55 PM Asia/Singapore | Features
News
- Featured
  
  How medical devices manufacturer Tuttnauer protects patient and personal-data safety
  
  Tuesday, April 23, 2024, 5:22 PM Asia/Singapore | Case Study, News
- Featured
  
  How much of automated internet traffic contains malicious activity?
  
  Monday, April 22, 2024, 9:02 AM Asia/Singapore | Cyberthreat Landscape, News, Newsletter
- Featured
  
  Large language models have their strengths and weaknesses: analysis
  
  Monday, April 22, 2024, 8:56 AM Asia/Singapore | News
Opinions
Tips
Whitepapers
Awards 2024
Directory
E-Learning

News

A vulnerability in CLDAP may explain the increase in Q3 DDoS attacks

By CybersecAsia editors and webmaster webmaster | Wednesday, November 2, 2022, 1:55 PM Asia/Singapore

This is one of several trends noted in one DDoS mitigation firm’s Q3 user ecosystem data.

In analyzing its customer protection ecosystem between 1 July through September 30, 2022, a cybersecurity firm has reported a 21% increase in distributed denial-of-service attacks (DDoS attacks) quarter-on-quarter, with a special focus on vulnerabilities in the Connectionless Lightweight Directory Access Protocol (CLDAP).

If a CLDAP has been misconfigured to be exposed to the internet, the service would be vulnerable to cyberattacks, allowing cybercriminals to launch reflective DDoS attacks with a bandwidth amplification factor of up to 70 times of the original request.

Highlights of the Q3 DDoS report also include the following:

A total of 5,547 DDoS attacks, at 63 attacks per day, were mitigated — an increase of 21% over Q2. The average attack size in the ecosystem was 1.4Gbps, (18% increase from Q2). The average packet rate-based attack scrubbed was 434 Kpps, up 12% from the previous quarter.
83% of DDoS attack durations were under 30min, up 15% from the previous quarter.
169 seconds was the average DDoS attack period in Q3, while the longest recorded was 6 days.
Multi-vector attacks were on the rise, accounting for 40% of attacks. These are layered DDoS attacks where cybercriminals use more than one method to attempt to disrupt an organization.
The largest attacks in the ecosystem targeted the Telecoms, Gaming and Software & Technology industries.
Attackers were exploiting vulnerabilities in essential services to amplify attacks up to 70 times in size
‘Hit-and-run’ attacks — where threat actors deploy smaller and shorter attack campaigns to evaluate targeted organizations’ defenses — were continuing in trend
Attacks on the ecosystem users during public holidays were noted as ideal attack windows for adversaries due to the potential for understaffing of IT and security activities

The report by Lum e n also summarizes some DDoS myths: that small or short DDoS attacks can be ignored; that DDoS protection alone (without additional threat intelligence) is enough; and organizations not in the targeted industries are safe.

Leave a reply Cancel reply

You must be logged in to post a comment.

Voters-draw/RCA-Sponsors

CybersecAsia Voting Placement

Gamification listing or Participate Now

Vote Now -Placement(Google Ads)

Top-Sidebar-banner

Whitepapers

Secure Access Service Edge (SASE) Solutions for Today’s Work-From-Anywhere (WFA) Environment
Organizations are turning to Secure Access Service Edge (SASE) solutions for securing remote work environments, …Download Whitepaper
Identity Has Breached the Ecosystem
This whitepaper explores the dual nature of identity in cybersecurity, emphasizing its role in both …Download Whitepaper
Fortanix Buyers Guide for Modern Key Management and Data Security
This document underscores the pressing challenges in key management and data securityDownload Whitepaper
Fortanix Data Risk Management – Using Tokenization to Secure Your Data
In today's digital world, organizations prioritize data security. To protect sensitive information, they use tokenization, …Download Whitepaper

Middle-sidebar-banner

Case Studies

How medical devices manufacturer Tuttnauer protects patient and personal-data safety
In running a cloud-based portal to link its smart medical equipment, the firm has also …Read more
AI vulnerability testing: Knowing the In’s and Out’s of proper red teaming
To test the safety/security of a generative AI feature, what unchartered bugs and human testing …Read more
Real estate logistics provider GLP steps up to zero trust architecture
With its physical and digital footprint growing, the global firm’s outdated legacy security stack has …Read more
Identity security woes now a thing of the past for Heng Leong Hang
The retail chain was grappling with numerous cyber risks in its IT infrastructure until it …Read more

Cybersecurity News in Asia

Featured

AI adoption in India: A balancing act worth chatting about

Featured

AI vulnerability testing: Knowing the In’s and Out’s of proper red teaming

Featured

What businesses need to know about SEO poisoning

Featured

How medical devices manufacturer Tuttnauer protects patient and personal-data safety

Featured

How much of automated internet traffic contains malicious activity?

Featured

Large language models have their strengths and weaknesses: analysis

A vulnerability in CLDAP may explain the increase in Q3 DDoS attacks

This is one of several trends noted in one DDoS mitigation firm’s Q3 user ecosystem data.

Related Posts

Leave a reply Cancel reply

Voters-draw/RCA-Sponsors

CybersecAsia Voting Placement

Gamification listing or Participate Now

Vote Now -Placement(Google Ads)

Top-Sidebar-banner

Whitepapers

Middle-sidebar-banner

Case Studies

Bottom sidebar