Denial-of-Service (DoS) and credential attacks are becoming more popular among criminals, a new report from cybersecurity firm F5 Labs claims.
Analyzing three years’ worth of attacks reported to its Security Incident Response Team (SIRT), F5 found that DoS, brute force, credential stuffing and API attacks are on the rise.
“Attackers, as always, choose the most efficient ways to turn a profit. Our weaknesses are their opportunities. We can definitely expect more password login, DoS and API attacks on the horizon,” said Raymond Pompon, Director of F5 Labs.
Almost a third (32 percent) of all of the incidents reported to SIRT were DoS attacks. The percentage is “creeping up”, F5 says; in 2020 there DoS attacks accounted for 36 percent of those reported.
Most DoS attacks are network volumetric floods (commonly known as TCP SYN or UDP floods). There were also reports of “Slow POST/Slowloris” attacks, the goal of which is to keep as many of a victim’s connections open as possible. Almost a fifth (19 percent) of reported DoS incidents involved attacks on DNS.
These attacks were most prominent in the Asia-Pacific, China and Japan, taking up more than half (57 percent) of all reported incidents.
The most frequently targeted organizations were service providers, educational institutions, public sector organizations and financial firms.