Sie sind an Cloud Computing interessiert? Legen Sie jetzt los

PRESS RELEASE

Akamai Security Intelligence Response Team Identifies New Reflection Attack Method

CLDAP Reflection Attacks Generate up to 24 Gbps of Traffic; Target Software and Technology Industry; Largest Concentration in U.S.

Cambridge, MA USA | April 12, 2017

Share

Akamai Technologies, Inc. (NASDAQ: AKAM), the global leader in content delivery network (CDN) services, today published new research from the company’s Security Intelligence Response Team (SIRT). Akamai researchers Jose Arteaga and Wilber Majia have identified a new Connection-less Lightweight Directory Access Protocol (CLDAP) reflection and amplification method. Akamai SIRT has observed this attack vector producing Distributed Denial of Service (DDoS) attacks consistently exceeding 1 Gbps, comparable to Domain Name System (DNS) reflection attacks. A full report detailing the SIRT findings is available for download at http://akamai.me/CLDAPAdvisory.

Overview

Unlike other reflection-based vectors, where compromised hosts may number in the millions, the observed CLDAP amplification factor has been able to produce significant attack bandwidth with significantly fewer hosts.

Since October 2016, Akamai has detected and mitigated a total of 50 CLDAP reflection attacks, 33 of which were single vector attacks using CLDAP reflection exclusively. A 24 Gbps attack mitigated by Akamai on January 7, 2017 is currently the largest DDoS attack using CLDAP reflection as the sole vector observed by the SIRT. The average bandwidth for CLDAP attacks has been 3 Gbps.

While gaming is typically the most targeted industry for DDoS attacks, observed CLDAP attacks have primarily targeted the software and technology industry. Other industries targeted include Internet and telecom, media and entertainment, education, retail and consumer goods, and financial services.

The largest concentration of unique CLDAP reflectors observed in attacks were located within the United States.

Mitigation

Like many other reflection and amplification attack vectors, CLDAP attacks would not be possible if organizations had proper ingress filtering in place. Potential hosts are discovered using Internet scans and filtering User Datagram Protocol (UDP) destination port 389.

Akamai observed a total of 7,629 unique CLDAP attack reflectors based on sources collected during actual CLDAP reflection attacks. The usable pool of CLDAP reflectors is larger than this number, however, as revealed by Internet scanning. Unless there is a legitimate need for an organization to have CLDAP available over the Internet, there should be no reason to compound the DDoS reflection problem by exposing this protocol. Once a server is identified as a viable source for a CLDAP reflection attack, Akamai adds it to a list of known reflectors to prevent subsequent abuse of this service.

“More than 50 percent of all attacks are consistently comprised of UDP-based reflection attacks,” explained Jose Arteaga, Security Intelligence Response Team, Akamai. “Based on similarities shared with UDP reflection attack scripts, CLDAP has likely been included, or will be included, into a full attack script, and integrated into the booter/stresser infrastructure. If it has yet to be included, we may not have seen the worst of these attacks.”

Akamai continues to monitor and analyze data related to this ongoing threat. To learn more, please download a complimentary copy of the research at http://akamai.me/CLDAPAdvisory.

 

About Akamai

Akamai is the cybersecurity and cloud computing company that powers and protects business online. Our market-leading security solutions, superior threat intelligence, and global operations team provide defense in depth to safeguard enterprise data and applications everywhere. Akamai’s full-stack cloud computing solutions deliver performance and affordability on the world’s most distributed platform. Global enterprises trust Akamai to provide the industry-leading reliability, scale, and expertise they need to grow their business with confidence. Learn more at akamai.com and akamai.com/blog, or follow Akamai Technologies on X and LinkedIn.