Beware of Application-Layer Attacks

DDoS attacks exploiting application vulnerabilities are on the increase.

Gary Sockrider

As we have said many times before, threat actors are always looking for ways to improve on their attack strategies. This nefarious behavior is clearly seen in the ways attackers are utilizing application-layer DDoS attacks, as detailed in the 2H 2021 Threat Intelligence Report.

Application-layer DDoS attacks are used by threat actors to target vulnerabilities or issues with an application so it can’t deliver content to a user. A good example of this is a DNS query-flooding attack, which is an application-layer attack when it’s directed toward authoritative DNS servers. The goal is to prevent legitimate clients from resolving the DNS records of assets such as websites, VoIP services, and online gaming services.
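One way to spot the DNS query flood described above from an authoritative server's query log, as an added example (not from the report or its author). The log format, thresholds, and function names are assumptions, and the sample lines are constructed.

```python
from collections import Counter, defaultdict

def build_sample():
    """Constructed log, one query per line: '<epoch_sec> <client_ip> <qname> <qtype>'."""
    lines = []
    for t in range(100, 110):                      # steady resolver traffic
        for ip in ("192.0.2.10", "192.0.2.11", "192.0.2.12"):
            lines.append(f"{t} {ip} www.example.com A")
    for t in (105, 106):                           # two-second burst from one source
        lines.extend(f"{t} 198.51.100.7 www.example.com A" for _ in range(40))
    lines.append("garbled line")                   # malformed entry, must be skipped
    return lines

def find_flood_seconds(lines, baseline_multiplier=5.0, min_qps=20):
    """Flag seconds whose query rate exceeds a multiple of the median rate.

    Returns (second, total_queries, top_source, top_source_share) tuples.
    The share shows whether per-source rate limiting would absorb the spike;
    a low share points to distributed or spoofed sources (UDP source
    addresses are not verified), which needs upstream mitigation instead.
    """
    per_second = Counter()
    per_second_src = defaultdict(Counter)
    for line in lines:
        fields = line.split()
        if len(fields) != 4 or not fields[0].isdigit():
            continue                               # ignore malformed log lines
        sec, src = int(fields[0]), fields[1]
        per_second[sec] += 1
        per_second_src[sec][src] += 1
    if not per_second:
        return []
    rates = sorted(per_second.values())
    median = rates[len(rates) // 2]                # robust to a short burst
    threshold = max(min_qps, baseline_multiplier * median)
    alerts = []
    for sec in sorted(per_second):
        total = per_second[sec]
        if total > threshold:
            top_src, n = per_second_src[sec].most_common(1)[0]
            alerts.append((sec, total, top_src, n / total))
    return alerts

if __name__ == "__main__":
    for sec, total, src, share in find_flood_seconds(build_sample()):
        print(f"t={sec} qps={total} top_source={src} share={share:.0%}")
```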

These types of attacks are common and have been ongoing for years. As noted earlier, however, attackers are constantly enhancing their techniques. This was definitely the case in 2H 2021, as attackers took advantage of encryption to launch successful application-layer attacks.

Why Is Encryption a Problem?

For the past decade, there has been a massive movement in the security industry to implement strong encryption for websites, applications, communications, and much more. As of late 2021, more than 50 percent of the top 1 million websites supported TLS 1.3, the latest version of the Transport Layer Security protocol used for encryption.

Without question, attackers are aware of the increased use of encryption, and they have discovered new ways to take advantage of that trend, subverting the original intent of encryption, which was to make it more difficult for attackers to access privileged and valuable network data.

The unfortunate reality is that a great deal of overhead is required to process encrypted communications at large scale, which places additional stress on the IT and security teams attempting to provide distributed denial-of-service (DDoS) defense for encrypted applications. That same overhead also makes it easier for threat actors to launch successful DDoS attacks against encrypted applications and services.

How Serious Is the Problem?

These trends were clearly evident in 2H 2021, which saw increasing numbers of application-layer attacks launched by bad actors. Attacks of as many as 17.2 million requests per second (Mrps) occurred, representing a significant new metric for HTTP/S-encrypted application-layer DDoS attacks.

There is no doubt that encryption can improve confidentiality and integrity. However, security teams need to understand that it can also have a negative impact on availability. As such, public-facing properties need to be designed and implemented with robust DDoS defense capabilities.

Learn more about application-layer attacks and how threat actors are taking advantage of them in the 2H 2021 Threat Intelligence Report.