Public cloud use surges among DDoS attackers, research shows

The Alibaba, Amazon and Microsoft public clouds are being increasingly used by perpetrators of distributed denial of service (DDoS) attacks to rapidly scale their assaults, research shows.

According to data accrued by DDoS mitigation software supplier, Link11, during the 12 months to June 2018, a quarter of attacks (25%) in Europe were run off public cloud servers, equating to a 35% rise compared with the previous year.

The Microsoft Azure platform emerged as the most readily exploited by DDoS attackers, with 38.7% of campaigns hosted there, compared with 32.7% on Amazon Web Services (AWS) and 17.9% on the Alibaba cloud.

The data, lifted from Link11’s Security Operation Center (LSOC), suggests the Google Cloud Platform is used far less often than its competitors to run DDoS attacks, with just 10.7% of them hosted there.

According to Link11, the uptick in interest from DDoS perpetrators in using public cloud can be attributed to the greater amounts of bandwidth it offers. This in turn means the volume of traffic generated by public cloud-based botnets is far higher than what could be achieved by hackers compromising internet of things (IoT) devices, for example.

Aatish Pattni, regional director for the UK and Ireland for Link11, said DDoS attackers are using public cloud for the same reasons a lot of enterprises now do.

“The services provide flexible, on-demand capacity and resources, and can be provisioned in just a few minutes,” said Pattni.

“For threat actors, the benefits are even more compelling because they will often use stolen credit card details and false identities to pay for the services.

“This makes the perpetrators almost impossible to trace, even though providers such as Amazon are taking strong action against misuse, and asking users to report any suspected abuse of their services,” he added.

When it comes to talking steps to protect their businesses from cloud-mediated DDoS attacks, Link11 said it is often fruitless to try to block traffic from the likes of Amazon, Microsoft, Alibaba and Google, if they are already using public cloud services in-house.

“Instead, organisations should analyse in detail the communication between public cloud services and their own network, and monitor for malicious or unwanted traffic,” the company advised.

“Ongoing analysis of data traffic, using machine-learning techniques, enables legitimate traffic to be profiled and fingerprinted, so that any changes can be detected quickly and reliably.

“The malicious traffic can then be filtered out in a granular manner before it can impact on the organisation’s business,” it added.