2015 was the year where we saw new methods being utilized when it comes to DDoS attacks. According to the report by Kasperky, 2015 gave rise to reflection attacks, usage of botnets and application level attacks.
Hackers have also utilized IoT devices where hackers targeted CCTV cameras to launch a DDoS attack. CCTV cameras are being used to form a botnet and bring down large websites. Most of the blame lies on the management where the default passwords are not modified. The hackers would install malware programs like Bashlite, Lightaidra or GayFgt. Based on the latest reports, researchers found 900 CCTV cameras forming a botnet to attack a website.
2015 also saw rise in reflection DDoS attacks that utilized NetBIOS name servers , RPC portmaps and Sentinel licensing servers. By using corrupted packets, an attacker is able to take victim’s IP offline by using amplification that might happen by accident at at the protocol level. Instead of sending one corrupted packet, the flaw ends up amplifying the packet by the factor of 10.
DDoS attacks will continue to evolve and hackers will look for ways to always stay a step ahead. Most of the attacks are using exploits in scripts, protocols and devices and they can be avoided if proper steps are taken by the system admins.