Lumen research reveals 60% growth of a known, preventable DDoS attack vector

Q3 DDoS report details attack trends, including the expanding base of CLDAP reflectors. #pressrelease

October 25, 2022

3 Min Read

DENVER – With October's focus on cybersecurity awareness, Lumen Technologies® (NYSE: LUMN) and its threat research team, Black Lotus Labs®, today released a pair of research reports including:

Lumen-Technologies-Q3-2022-DDoS-Report

  • New intelligence from Black Lotus Labs regarding the proliferation of Connectionless Lightweight Directory Access Protocol (CLDAP) reflectors – a known attack vector that is easily prevented with well-documented best practices.

  • The Q3 2022 Distributed Denial of Service (DDoS) report, which provides the latest data and trends from the Lumen DDoS mitigation platform.

  • Black Lotus Labs discovered more than 12,000 CLDAP services are open to the internet – a 60% increase over the past year.

  • Read the Black Lotus Labs blog titled "CLDAP Reflectors on the Rise Despite Best Practices" and the Lumen Q3 DDoS report.

CLDAP Research:

Background:

  • CLDAP is an essential service in Microsoft environments. When improperly configured to expose the service to the internet, CLDAP can carry a bandwidth amplification factor of up to 70 times the volume of traffic sent. This makes it an enticing target for cybercriminals launching DDoS attacks.

  • As soon as the CLDAP vulnerability was discovered in 2016, best practices for mitigating the threat were published; and yet, six years later, the number of exposed CLDAP reflectors is on the rise.

  • Using Lumen's global network visibility, Black Lotus Labs tracks CLDAP reflectors with a proprietary validator that registers distinct IPs that are open to reflection. This is a more precise assessment of the breadth of reflectors than has previously been available to the industry.

  • Notable findings:

Black Lotus Labs discovered more than 12,000 CLDAP services are open to the internet – a 60% increase over the past year.

One of the observed reflectors recently emitted 17 Gbps of traffic. At this level, just 100 CLDAP reflectors could be leveraged to wage an attack greater than 1 Tbps.

Lumen response

Black Lotus Labs is continuing to track and analyze vulnerable CLDAP reflectors and feed the intelligence into the Lumen Connected Security portfolio. The team is also expanding efforts to notify legitimate, third-party hosts of CLDAP reflection activity, and blocking long-lived CLDAP reflector traffic from traversing the Lumen global backbone.

Notable findings from the Lumen Q3 2022 DDoS report:

  • Lumen mitigated 5,547 attacks in Q3 – a 21% increase over Q2 – and the largest bandwidth attack scrubbed was 493 Gbps. This is nearly half the size of the largest mitigation in Q2 which, at 1.06 Tbps, was Lumen's largest to date.

  • Although Session Initiation Protocol (SIP) attacks only accounted for 3% of all mitigations, this attack vector – which targets VoIP infrastructure – remains of interest due to a dramatic upward trend over the past year. This quarter saw a 59% increase over Q2.

  • The top five targeted industries were Telecommunications, Gaming, Software and Technology, Government and Finance.

  • Of the 5,500+ attacks Lumen mitigated in Q3, nearly 40% targeted a single government customer. Despite the bombardment and a concentrated effort around July 4, the customer experienced no downtime.

Read the full press release here.

Lumen

Subscribe and receive the latest news from the industry.
Join 62,000+ members. Yes it's completely free.
Sign me up

You May Also Like

Latest News

Venu Sports logo
Video Streaming
The Disney-Fox-WBD streaming JV has a name: Venu Sports
The Disney-Fox-WBD streaming JV has a name: Venu Sports

May 16, 2024

VEON logo on a smartphone, in front of a laptop showing its website.
Finance
VEON revenues up in Q1 amid growing 4G and digital services user base
VEON revenues up in Q1 amid growing 4G and digital services user base

May 16, 2024

IoT Internet of Things technology with connected devices exchanging data on network
IOT
OliverIQ fine-tunes its smart home pitch for broadband operators
OliverIQ fine-tunes its smart home pitch for broadband operators

May 16, 2024

Accenture's Jefferson Wang, AT&T's Cheryl Choy, Dish Network's Eben Albertyn and T-Mobile's Ankur Kapoor.
Open RAN
Hope permeates WIA show, but 5G downturn persists
Hope permeates WIA show, but 5G downturn persists

May 16, 2024

Upcoming Webinars
More Webinars

Popular whitepapers in 5G

thumbnail
Sponsored Content
5G Orchestration and Service Assurance: 2024 Heavy Reading Survey5G Orchestration and Service Assurance: 2024 Heavy Reading Survey
Apr 26, 2024
1 Min Read
thumbnail
5G
Operator transitions to 5G SA core decline YoY in 2023 – Counterpoint ResearchOperator transitions to 5G SA core decline YoY in 2023 – Counterpoint Research
Feb 29, 2024
3 Min Read
thumbnail
5G
5G Network Strategies Operator Survey: Powering 5G SA Networks5G Network Strategies Operator Survey: Powering 5G SA Networks
Feb 23, 2024
1 Min Read
May 21 - May 23, 2024
Join us for an immersive experience where the future of North American telecom industry unfolds in 2024.
LEARN MORE

Featured Videos

Sponsored Content
Get the scale, resilience and local expertise from the team/network that go above, below and beyond.
Get the scale, resilience and local expertise from the team/network that go above, below and beyond.
Sponsored Content
Demo: Explore the Value of Multi-Vendor Interoperability in Transport Technology with OIF and Juniper
Demo: Explore the Value of Multi-Vendor Interoperability in Transport Technology with OIF and Juniper
Sponsored Content
Heavy Reading analysts get ready for Network X Americas
Heavy Reading analysts get ready for Network X Americas