Rewterz Threat Alert – FormBook Malware – Active IOCs
March 21, 2024
Rewterz Threat Alert – Bitter APT Group Targeting Pakistan – Active IOCs
March 22, 2024
Severity
High
Analysis Summary
A newly identified attack vector known as Loop DoS (denial-of-service) targets application-layer protocols that rely on the User Datagram Protocol (UDP) for end-to-end communication. According to the research, approximately 300,000 internet hosts and their networks are at risk.
According to a report by a cybersecurity firm, the Loop DoS attack pairs two network servers so that they keep responding to each other indefinitely. The resulting volume of traffic causes denial of service to the networks and systems involved, and once the loop has started, even the attackers are unable to stop it.
UDP is vulnerable to spoofing because it is connectionless and does not verify source IP addresses. A threat actor can therefore forge large numbers of UDP packets carrying the victim's IP address as the source, so that the destination server sends its responses to the victim rather than to the threat actor, resulting in a denial of service.
The latest research found vulnerabilities in certain UDP implementations of the legacy protocols Daytime, Time, Active Users, Echo, Chargen, and QOTD, as well as of the contemporary protocols TFTP, DNS, and NTP, which are widely used to provide fundamental internet services such as domain name resolution and time synchronization between computers.
In the Loop DoS attack, the threat actor sends a vulnerable implementation of one of these protocols on the first server a message whose source IP address is spoofed to be that of the second server. The first server replies with an error message, which goes to the second server rather than to the threat actor. The second server behaves the same way and answers with an error of its own, and the two servers keep exchanging error messages until each has exhausted the other's resources and its services become unavailable.
The researchers cautioned that, although there is no evidence yet of the attack being weaponized in the wild, it can be exploited easily and affects several products from companies including Broadcom, Cisco, Honeywell, Microsoft, MikroTik, and Zyxel.
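The loop described above leaves a distinctive trace: sustained, roughly symmetric UDP traffic in which both the source and the destination port belong to one of the loop-prone services named in this alert. The following detection logic is an added example, not part of the original alert or the researchers' tooling; it runs over constructed flow records (source IP, source port, destination IP, destination port, packet count) of the kind a NetFlow or firewall log would provide, and the IP addresses and packet counts are made up for illustration.

```python
from collections import defaultdict

# Well-known UDP ports of the services the alert names as loop-prone.
LOOP_PRONE_PORTS = {
    7: "echo", 11: "active users", 13: "daytime", 17: "qotd",
    19: "chargen", 37: "time", 53: "dns", 69: "tftp", 123: "ntp",
}

# Constructed sample flow records: (src_ip, src_port, dst_ip, dst_port, packets).
SAMPLE_FLOWS = [
    ("203.0.113.10", 19, "198.51.100.20", 19, 48000),   # chargen <-> chargen loop
    ("198.51.100.20", 19, "203.0.113.10", 19, 47950),
    ("203.0.113.10", 123, "198.51.100.30", 13, 12000),  # ntp <-> daytime loop
    ("198.51.100.30", 13, "203.0.113.10", 123, 11990),
    ("192.0.2.5", 51234, "203.0.113.10", 53, 30),       # ordinary DNS client
    ("203.0.113.10", 53, "192.0.2.5", 51234, 30),
    ("192.0.2.6", 123, "203.0.113.10", 123, 4),         # legitimate NTP peering
    ("203.0.113.10", 123, "192.0.2.6", 123, 4),
]


def find_udp_loops(flows, min_packets=1000):
    """Return suspected loops: endpoint pairs where BOTH ports are loop-prone
    service ports and traffic exceeds min_packets in BOTH directions.
    Ordinary client traffic uses an ephemeral source port and is skipped;
    low-volume server-to-server traffic (e.g. NTP peers) stays below threshold."""
    pair_counts = defaultdict(lambda: [0, 0])  # key -> [forward, reverse]
    for src_ip, sport, dst_ip, dport, pkts in flows:
        if sport not in LOOP_PRONE_PORTS or dport not in LOOP_PRONE_PORTS:
            continue
        a, b = (src_ip, sport), (dst_ip, dport)
        key = tuple(sorted((a, b)))          # canonical order for the pair
        direction = 0 if (a, b) == key else 1
        pair_counts[key][direction] += pkts

    loops = []
    for (a, b), (fwd, rev) in pair_counts.items():
        if fwd >= min_packets and rev >= min_packets:
            loops.append({
                "endpoints": (f"{a[0]}:{a[1]}", f"{b[0]}:{b[1]}"),
                "services": (LOOP_PRONE_PORTS[a[1]], LOOP_PRONE_PORTS[b[1]]),
                "packets": fwd + rev,
            })
    return sorted(loops, key=lambda loop: -loop["packets"])


if __name__ == "__main__":
    for loop in find_udp_loops(SAMPLE_FLOWS):
        print(loop)
```

A hit identifies the two service endpoints that need to be isolated or rate-limited; since neither side is the attacker, blocking only the spoofing source would not stop a loop that is already running.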
Impact
- Denial of Service
- Operational Disruption
Remediation
- Employ comprehensive DoS protection strategies, including protection at the application (Layer 7) level. Implement Web Application Firewalls (WAFs) to safeguard against application-specific attacks.
- Implement rate limiting for incoming requests to limit the number of requests from a single source within a specified time frame. This can help mitigate the impact of rapid request and reset attacks.
- Implement thorough request validation to filter out malicious or unnecessary requests. This can help reduce the volume of requests that need to be processed and minimize the impact of the attack.
- Deploy IDPS solutions to detect and block abnormal traffic patterns associated with DoS attacks. These systems can identify and respond to suspicious behavior in real time.
- Keep all software, including web servers and application frameworks, up to date with the latest security patches.
- Continuously monitor network traffic and establish baselines for normal activity.
- Use load balancers to distribute incoming traffic across multiple servers. Load balancers can help prevent a single server from being overwhelmed by an attack.
- Implement multi-factor authentication (MFA) for administrative access to critical systems and infrastructure to prevent unauthorized access during attacks.
- Implement robust monitoring and logging solutions to capture detailed data on network and application activity. This information can be invaluable for post-attack analysis and forensics.
- Thoroughly analyze the external connections of your own network and of your partners' networks. This assessment will help identify Internet-facing systems that may be vulnerable. Implement the necessary mitigations promptly.
- Place your DoS protection measures outside your data center. This placement is essential because, once malicious traffic reaches your data center, mitigating a DoS attack becomes much more challenging.