Report: Cybercriminals Use Cloud for DDoS Attacks | eWEEK | eWeek

Report: Cybercriminals Use Cloud for DDoS Attacks

enterprise management
Écrit par
Zeus Kerravala
Zeus Kerravala
Sep 12, 2022
4 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

Over the past couple of years there has been a significant focus on phishing, ransomware and other threats that attack online users. While this focus is certainly prudent given the rise in those types of activities, it’s important to not take your eye off more “traditional” type attacks, such as distributed denial of service (DDoS).

DDoS attacks have created havoc for security professionals for decades and show no sign of abating. In fact, the number of DDoS attacks and the size of them continue to rise.

In an effort to help quantify the threat, service provider Lumen recently published its most recent DDoS report. The quarterly study focused on the security landscape in the 2nd quarter of 2022, specifically distributed denial of service (DDoS) attacks, where cybercriminals attempt to disrupt users from accessing the internet.

Given the cloud first, mobile and hybrid work environment most businesses find themselves in, losing access to the Internet can cost companies millions, if not billions, of dollars.

Also see: The Successful CISO: How to Build Stakeholder Trust

Top targets: tech, telco and gaming 

The data is collected from Lumen’s DDoS team and Black Lotus Labs threat research team and analyzed for key findings. In Q2 2022, Lumen mitigated 4,572 attacks. On average, the multinational tech company was mitigating 50 attacks daily, with April 8 and April 13 experiencing the highest number of attacks—111 and 108, respectively.

Attacks most frequently occurred on Tuesdays and Thursdays, and least frequently on Sundays. The top three targeted verticals in the 500 largest attacks included telecom, software and technology, and gaming.

During the quarter, Lumen mitigated one of its largest ever bandwidth attacks at 1.06 terabits per second (Tbps). The attack was part of a larger campaign targeting a gaming service hosted by a telco, which is a Lumen DDoS Mitigation Service customer. According to Lumen, the gaming service experienced no downtime, despite the attack’s size and complexity.

Hit and run attacks can fly under the radar

All activity occurred a week prior to 1 Tbps attack, which means the threat actor was testing various methods to determine the gaming service’s network defenses. These techniques are called out in the report as emerging “hit-and-run” attacks.

With this technique, victims are targeted with a series of consecutive or concurrent attacks that are small in both size and duration. Threat actors use the results of these early attacks to assess a company’s defenses and determine the attack method that will most likely lead to success.

Also see: Secure Access Service Edge: Big Benefits, Big Challenges

Cloud services are now used to launch large scale attacks

Another interesting trend Lumen uncovered is an increase in attacks exploiting the cloud. Threat actors are using cloud-based services in a fraudulent way, either through compromised hosts or anonymizing services. Cloud providers’ resources are then leveraged to launch volumetric attacks against intended victims.

This creates an interesting scenario as it creates risk for both the cloud provider and the victim. While business need to be diligent in protecting against DDoS attacks, cloud providers must also ensure their services are not being abused.

In the report, Lumen offers tips to organizations that want to avoid cloud-related attacks, such as ensuring that accounts are protected by multifactor authentication. Services that are hosted in the cloud should also be kept up to date. If suspicious activity is detected, organizations should take steps to mitigate a potential attack, such as changing credentials and quarantining impacted hosts.

Advertisement

VoIP providers in the DDoS crosshairs

One trend that has continued from last year is a rise in attacks targeting VoIP providers. Lumen observed a 315 percent increase in session initiation protocol (SIP) attacks over Q1 2022, and a 475% increase over Q3 2021. SIP attacks affect VoIP infrastructure by overwhelming them with high traffic volume.

Overall, however, SIP attacks remain low compared to proven methods used to disrupt VoIP services like TCP-SYN flooding and UDP-based amplification.

Most organizations today use cloud applications to interact with customers and employees. Lumen recommends that organizations have DDoS mitigation in place to prevent threat actors from launching large-scale attacks. For example, monitoring network traffic not only helps detect an attack, but it can also show if the organization is being used as a proxy in an attack against someone else. Attack tactics are becoming more invasive and discreet; therefore, holistic protection is a must to ensure that business functions continue uninterrupted.

Also see: Best Website Scanners 

Beyond Corporate Infrastructure

DDoS attacks are not new, but they are changing. It’s not just the internal network that businesses must protect. The Lumen report highlights how threat actors are now moving beyond corporate infrastructure and extending their reach into cloud services, which businesses trust as being secure.

While cloud providers do an excellent job of thwarting attacks, they aren’t perfect and businesses need to have their own mechanisms to protect against this growing attack vector.

Also see: Top Digital Transformation Companies

Zeus Kerravala

Zeus Kerravala is an eWEEK regular contributor and the founder and principal analyst with ZK Research. He spent 10 years at Yankee Group and prior to that held a number of corporate IT positions. Kerravala is considered one of the top 10 IT analysts in the world by Apollo Research, which evaluated 3,960 technology analysts and their individual press coverage metrics.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.