
DDoS attack waves are becoming more sophisticated every year. In addition, according to the current Threat-Intel Report by NetSCOUT, more sophisticated attack methods such as carpet bombing can now be found in the "DDoS mainstream". For this reason, we would like to present a little-known, but already ITW-seen (**) attack method, which we have successfully used in several DDoS RedTeaming engagements.
Brief background: Mobile providers and also some broadband providers use a technology called Carrier-Grade NAT (CGNAT) / Large Scale NAT, which gathers several users behind central IPs.
We have observed with a handful of protection providers that the last line of defence (*) is now and then an IP block for the attacker IP, not real scrubbing. This may be valid for blocking the first wave and for a few seconds, especially to prevent damage to the infrastructure being protected. The disadvantage is that a (too long) IP block can be abused by an attacker to block IPs. One can either use IP spoofing for this or, much more mundanely, use attack bots with mobile connections to block the mobile IPs.
This might lead to several hundred up to 15,000 users being locked out of the service at the same time, thanks to the Carrier-Grade NAT mentioned above. This can be extremely harmful when you have a lot of mobile customers/clients.
We successfully applied this attack method several times in DDoS RedTeamings, both for volumetric and application attacks.
Attack mitigated by IP block, monitoring sees the target "online"
- *) for the somewhat simpler providers, it is also the first line/only line of defence ^-^
- **) ITW // ENISA Threat Landscape 2021 Report/Chpt 8: localised DDoS where an attacker interferes with the connectivity of a specific area … using mobile devices/connection
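A mitigation decision that accounts for the collateral damage described above, as an added example that is not code from the original article: it only uses an IP block when the source address is proven and few legitimate sessions share it, and falls back to per-request scrubbing otherwise. The thresholds, the traffic tuple format, the action names and the sample addresses (documentation ranges) are assumptions.

```python
from collections import defaultdict

# Assumed policy values (illustrative, not from the article)
ABUSE_THRESHOLD = 100     # abusive requests per window before mitigation starts
SHARED_IP_SESSIONS = 5    # distinct legitimate sessions that mark an IP as shared (e.g. CGNAT)
MAX_BLOCK_SECONDS = 300   # upper bound for any IP block


def build_sample():
    """Constructed traffic window: (src_ip, session_id, abusive, handshake_completed)."""
    reqs = []
    # Shared egress IP: one bot plus 40 legitimate mobile users
    reqs += [("203.0.113.10", "bot-1", True, True)] * 500
    reqs += [("203.0.113.10", f"user-{i}", False, True) for i in range(40)]
    # Dedicated attacker host with no legitimate sessions
    reqs += [("198.51.100.7", "bot-2", True, True)] * 500
    # Spoofed source: packets never complete a handshake
    reqs += [("192.0.2.55", None, True, False)] * 500
    return reqs


def decide(requests):
    """Return {ip: (action, ttl_seconds, legit_sessions_affected)}."""
    abusive = defaultdict(int)
    legit = defaultdict(set)
    verified = defaultdict(bool)
    for ip, session, bad, handshake in requests:
        verified[ip] = verified[ip] or handshake
        if bad:
            abusive[ip] += 1
        elif session is not None:
            legit[ip].add(session)
    decisions = {}
    for ip, count in abusive.items():
        if count < ABUSE_THRESHOLD:
            continue
        shared = len(legit[ip])
        if not verified[ip]:
            # Unproven source address: a block would let a spoofer choose who gets locked out
            decisions[ip] = ("scrub", 0, shared)
        elif shared >= SHARED_IP_SESSIONS:
            # Many users behind one address: filter per request instead of blocking the IP
            decisions[ip] = ("scrub", 0, shared)
        else:
            decisions[ip] = ("ip_block", MAX_BLOCK_SECONDS, shared)
    return decisions
```

The third tuple element is the number of legitimate sessions a block on that address would have cut off, which is the figure to alert on when monitoring otherwise reports the target as online.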
