Network-based threats still outpace security measures

Cyberthreats are escalating faster than many firms can identify, block and mitigate them, according to a new threat report released by CenturyLink. 

“Well-financed nation-states and focused criminal groups have replaced the lone-wolf troublemaker and less sophisticated attackers motivated by chatroom fame,” said Mike Benjamin, head of CenturyLink’s threat research and operations division, Black Lotus Labs. 

“Thankfully, through our actionable insights, we can defend our network and those of our customers against these evolving threats,” Benjamin said.

CenturyLink found that botnets continue to be successful because of the ease with which they compromise their targets and their ability to be operated remotely and covertly.

Botnets like Necurs, Emotet and TheMoon have demonstrated evolutions in both complexity and resiliency. Malware families like Gafgyt and Mirai are also ongoing concerns given that they target IoT devices.

DNS (Domain Name System) is often overlooked as a potential attack vector, but there has been a rise in DNS-based attacks such as DNS tunneling, which can be used to encode data in the subdomains of a DNS query or response, allowing unabated network access to extract data, subvert security controls or send arbitrary traffic.

Over one recent multi-week period, Black Lotus Labs detected an average of 250 domains per day being abused, representing over 70,000 lookups to each domain.
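A defender can look for the pattern described above in resolver logs: one parent domain receiving many distinct, long, high-entropy subdomains. The sketch below is an added example, not code from CenturyLink or Black Lotus Labs; the function names, thresholds, the two-label parent-domain split and the sample queries are all assumptions made for illustration.

```python
import hashlib
import math
from collections import Counter, defaultdict

def shannon_entropy(s):
    """Bits per character of the string's own character distribution."""
    counts = Counter(s)
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def split_name(qname):
    """Return (subdomain part, parent domain). Assumption: the parent is the
    last two labels; production code should use the Public Suffix List."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])

def find_tunnel_candidates(qnames, min_unique=5, min_avg_len=30, min_avg_entropy=3.0):
    """Flag parent domains that receive many distinct, long, high-entropy
    subdomains, the pattern left by data encoded into query names.
    Thresholds are illustrative assumptions, not values from the report."""
    lookups = Counter()
    subs = defaultdict(set)
    for q in qnames:
        sub, parent = split_name(q)
        lookups[parent] += 1
        if sub:
            subs[parent].add(sub)
    flagged = {}
    for parent, uniq in subs.items():
        avg_len = sum(map(len, uniq)) / len(uniq)
        avg_ent = sum(map(shannon_entropy, uniq)) / len(uniq)
        if len(uniq) >= min_unique and avg_len >= min_avg_len and avg_ent >= min_avg_entropy:
            flagged[parent] = {"lookups": lookups[parent], "unique_subdomains": len(uniq),
                               "avg_len": round(avg_len, 1), "avg_entropy": round(avg_ent, 2)}
    return flagged

# Constructed sample log (not real traffic): hex digests stand in for encoded chunks.
SAMPLE = [hashlib.sha256(str(i).encode()).hexdigest()[:40] + ".t.tunnel-example.test"
          for i in range(8)]
SAMPLE += ["www.example.com", "mail.example.com", "cdn.example.com", "api.example.com",
           "static.example.com", "login.example.com"] * 3

if __name__ == "__main__":
    for domain, stats in find_tunnel_candidates(SAMPLE).items():
        print(domain, stats)
```

The benign domain in the sample has several distinct subdomains and more lookups, but its labels are short, so subdomain count or query volume alone does not trigger a flag.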

DDoS (Distributed Denial of Service) attacks continue to cause service delays and take businesses offline. Over the first half of the year, CenturyLink’s Security Operations Centre (SOC) mitigated over 14,000 DDoS attacks against customers. Of the 100 largest attacks in the first half of the year, 89 percent were multi-vector.

The top five countries most under attack in the first half of 2019 were the United States, China, India, Russia and Vietnam. India and Vietnam are new to the top five.