Security researchers have warned that attackers are exploiting in the wild a recently discovered distributed denial of service technique that abuses the Web Services Dynamic specification. The technique is a User Datagram Protocol (UDP) Amplification technique that involves spoofing requests to the WS-Discovery service. WS-Discovery is a specification designed to facilitate the discovery and connectivity of devices and services on a local network.
A spoofing attack leveraging this protocol causes a targeted internet-based server to send an overwhelming number of responses, using up its bandwidth, explains security researchers at Akamai Technologies. They have also recently detected such an attack against one of its own clients in the gaming industry. As per the reseachers, WS-Discovery DDoS attacks can generate amplification rates reaching 15,300 percent of the original byte site, giving it the fourth highest reflected amplification factor among all varieties of DDoS attacks. The attack against the gaming company reached a peak bandwidth of 35/Gbps.
WS-Discovery’s role in DDoS attacks was originally disclosed back in August by ZDNet, which at the time reported that in-the-wild attacks exploiting this vector have been taking place as far back as May 2019. Citing internet search engine BinaryEdge, the report at the time said that almost 630,000 devices were confirmed to support the protocol and were therefore vulnerable. Susceptible devices include IP cameras, home appliances, printers, CCTV systems and DVRs, according to the ZDNet and Akamai reports.
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street