Distributed denial of service (DDoS) attacks increasingly took the form of blended attacks combining four or more vulnerabilities over the course of the fourth quarter of 2016, with the intent of overloading targeted monitoring, detection and logging systems, according to Nexusguard's "Q4 2016 Threat Report."
These hybrid attacks were a common pattern against financial and government institutions.
The supersized Mirai attack from Q3 set the stage for Q4 challenges, resulting in a ripple of botnets from connected devices and the Internet of Things (IoT). At the close of 2016, Nexusguard researchers observed more than 426,700 bots executed since IoT botnet monitoring began in October. Attacks skyrocketed 150 percent between November and December, which researchers also attributed to the outbreak of the Mirai botnet source code.
The growth of sophisticated DDoS attacks quickly overloaded systems and impeded the identification of hacking activities in Q4. Nexusguard recommends organizations evaluate in-house capabilities alongside outsourced bandwidth to ensure support teams can analyze incidents and recommend solutions in a timely fashion.
"The popularity of the Mirai botnet and similar IoT vulnerabilities gave hackers ample ammo to overwhelm security and operations in Q4," said Juniman Kasman, chief technology officer for Nexusguard. "Malicious actors will continue to invent new attacks and blend them with multiple factors for maximum impact, forcing companies to rely on big data and intelligence-driven mitigation and develop strategic response teams that can quickly handle new threats."
Nexusguard analysts found China and the U.S. were the predominant countries vulnerable to IoT botnets, with 116,000 and 41,200 IoT botnets recorded, respectively. While hackers continue to switch tactics to confuse cybersecurity teams, 97.5 percent of DDoS attacks used NTP methods, which remained the most popular DDoS attack method during the second half of 2016.
Researchers predict IoT botnets will continue to pose major cybersecurity challenges in 2017, causing more volumetric attacks at higher frequencies.