SINGAPORE - Media OutReach - 5 October 2021 - A new cyber threat, coined a
"Black Storm" attack, could potentially wreak havoc on communications service
provider (CSP) networks, according to new distributed denial-of-service (DDoS)
research from Nexusguard: New Threat to CSP Networks – The Impending "Black
Storm." While DDoS amplification attacks rely on DNS servers or other similar
open services to interrupt connectivity, a Black Storm attack can leverage any
device connected to the Internet. Researchers caution that the volume from one
Black Storm attack could terminate medium to large-sized enterprises in a clean
sweep and severely cripple a large-scale CSP network.

According to the firm's analysis, hackers can achieve Black Storm attacks more
easily than amplification attacks, and Black Storm attacks could quickly
dominate the cyberworld. Black Storm attacks could be manifested by hackers
employing a BlackNurse attack in a reflective manner (rBlackNurse attacks).

When attackers generate spoofed UDP requests to closed UDP ports on CSP devices
(a reflection of the ping replies returned to the CSP network ping sources in
BlackNurse attacks), the devices respond with destination port unreachable
responses. As more devices continue to respond to the spoofed IP source, the
volume of responses completely overwhelms the target CSP network and creates
the Black Storm attack.

Nexusguard advises CSPs to perform regular vulnerability scanning, apply access
control to routers and use deep learning-based detection methods. Deep learning
approaches can help CSPs analyze huge amounts of data quickly and accurately
while overcoming the inefficiencies inherent in threshold or signature-based
methods.
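
To make the reflected traffic described above concrete, here is an added example (not from Nexusguard or its white paper) of a simple rule-based check, not the deep learning approach the firm recommends: it parses ICMP destination port unreachable messages and flags hosts that receive them from many devices for UDP datagrams they never sent. The function names, the `min_reflectors` threshold and all addresses are assumptions constructed for illustration.

```python
import socket
import struct
from collections import defaultdict

def parse_port_unreachable(icmp: bytes):
    """Return (src_ip, src_port, dst_ip, dst_port) of the UDP datagram quoted in
    an ICMP type 3 / code 3 message, or None if the message is something else."""
    if len(icmp) < 36 or icmp[0] != 3 or icmp[1] != 3:
        return None
    inner = icmp[8:]  # quoted IPv4 header plus the first 8 bytes of its payload
    ihl = (inner[0] & 0x0F) * 4
    if inner[0] >> 4 != 4 or ihl < 20 or inner[9] != 17 or len(inner) < ihl + 8:
        return None  # not IPv4, bad header length, not UDP, or truncated quote
    sport, dport = struct.unpack("!HH", inner[ihl:ihl + 4])
    return (socket.inet_ntoa(inner[12:16]), sport,
            socket.inet_ntoa(inner[16:20]), dport)

def find_reflection_victims(icmp_events, sent_flows, min_reflectors=3):
    """icmp_events: iterable of (responder_ip, icmp_bytes) seen on the network.
    sent_flows: set of (src_ip, src_port, dst_ip, dst_port) UDP flows that hosts
    really sent. Returns {victim_ip: [responders]} for hosts that got unsolicited
    port-unreachable errors from at least min_reflectors distinct devices."""
    responders = defaultdict(set)
    for responder_ip, icmp in icmp_events:
        quoted = parse_port_unreachable(icmp)
        if quoted is None or quoted in sent_flows:
            continue  # unrelated ICMP, or a genuine error for real traffic
        responders[quoted[0]].add(responder_ip)  # quoted source = spoofed host
    return {v: sorted(r) for v, r in responders.items() if len(r) >= min_reflectors}

def build_sample(src_ip, sport, dst_ip, dport):
    """Build a constructed ICMP port-unreachable message (checksums left zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    udp = struct.pack("!HHHH", sport, dport, 8, 0)
    return struct.pack("!BBHI", 3, 3, 0, 0) + ip + udp

# Constructed sample data using documentation address ranges.
SAMPLE_SENT = {("198.51.100.20", 50000, "203.0.113.9", 33434)}
SAMPLE_EVENTS = [(f"203.0.113.{i}",
                  build_sample("198.51.100.10", 40000 + i, f"203.0.113.{i}", 9999))
                 for i in range(1, 5)]
SAMPLE_EVENTS.append(("203.0.113.9",
                      build_sample("198.51.100.20", 50000, "203.0.113.9", 33434)))

if __name__ == "__main__":
    print(find_reflection_victims(SAMPLE_EVENTS, SAMPLE_SENT))
```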

"The potential risk from impending Black Storm attacks could obliterate
individual enterprises and have devastating consequences for communications
service providers and completely saturate their networks," warned Juniman
Kasman, chief technology officer for Nexusguard. "Networks targeted by these
attacks need to apply deep learning intelligence in order to analyze traffic
patterns and identify Black Storm attacks well before they can be

The pandemic witnessed a massive increase in reliance on connectivity as well
as a 341% increase in DDoS attacks in 2020, which strained CSPs and internet
service providers (ISPs) that provide the networks for the new levels of remote
work. Nexusguard researchers caution that CSPs and other organizations that
rely on standard DDoS mitigation solutions designed to detect and mitigate
incoming traffic risk missing internal traffic issues, which can arise from
rBlackNurse traffic proliferating internally within CSP

To help CSPs quickly launch anti-DDoS capabilities to protect customers,
Nexusguard launched the TAP100 Program, which removes the hardware barriers
associated with typical anti-DDoS service ramp-up, allowing CSP product teams
and C-suites to capture new revenue opportunities and ensure superior customer
service.

Nexusguard's DDoS threat research reports on attack data from botnet scanning,
honeypots, CSPs and traffic moving between attackers and their targets to help
companies identify vulnerabilities and stay informed about global cyber
security trends.

Read Nexusguard's full Black Storm white paper for more details.