Netscout warns that using of the DTLS vector allows hackers to amplify DDoS attacks by 37 times.
The researchers found that criminals are using a relatively new vector for amplifying DDoS attacks: the Datagram Transport Layer Security (DTLS) protocol, which provides connection security for protocols using datagrams.
DTLS, like other UDP-based protocols, is susceptible to spoofing, which means it can be used as a DDoS amplification vector. That is, a hacker can send small DTLS packets to a DTLS-enabled device, and the response will be returned to the victim’s address in the form of a much larger packet.
According to experts, earlier this vector of attack amplification was used only by advanced attackers, but now the use of DTLS has become more accessible and even a variety of services for DDoS attacks for hire offer it.
Experts have calculated that DTLS can amplify an attack by 37 times. The largest attacks seen by Netscout were at approximately 45 Gbps. Moreover, attackers combined DTLS with other amplification vectors, resulting in approximately 207 Gbps.
Netscout reports that there are currently over 4,300 servers on the network vulnerable to this problem. Most often, it is a misconfiguration and outdated software that disables anti-spoofing mechanisms.
In particular, it was previously noted that Citrix Netscaller Application Delivery Controller devices are often vulnerable, although Citrix developers have already urged customers to upgrade to a newer version of the software, where anti-spoofing is enabled by default.
Let me remind you that Google revealed the most powerful DDoS attack in history.