A Global DDoS-Campaign against ISPs has been spotted since Aug 27, very often targeting DNS.
Swithak collected these in a Twitter-Thread and counts up to 14 ISPs/Telcos and Hosting-Providers that had been targeted with mostly DNS-based DDoS-Attacks, starting Aug 27.
We analyzed a random sample of DNS-Infrastructure from some targets and found BIND-DNS-Servers, and we urge any provider to update their DNS-Servers as soon as possible.
The attacks correlate with the latest ISC-BIND vulnerability reported by Talos just a week ahead of these attacks, where Talos also talked about an available PoC.
Here is a Report from Radware, talking about the same issue: Global Ransom DDoS Campaign Targeting Finance, Travel and E-Commerce
Report by Radware, who spotted the campaign again at the end of 2020/early 2021: Ransom DDoS Campaign: Circling Back
The wave had been seen at the end of March 2021: 800Gbps DDoS extortion attack hits gambling company
- The gang had been seen in the DACH-Region (Germany, Austria, Switzerland) targeting smaller ISPs and Datacenters. src
- coordinated attacks against VOIP-Providers
- coordinated extortion-attacks against multiple email-providers
  - attacking: Posteo, Fastmail, Runbox, mailbox.org
We can provide our Luup-Clients with analysis regarding their own infrastructure.
Questions? Contact: email@example.com