Denial-of-Service (DoS) and password login attacks such as brute force and credential stuffing are on the rise, according to new research from cybersecurity firm F5 Labs.
The analysis of three years of incidents reported to the F5 Security Incident Response Team (SIRT) found that DoS, brute force, credential stuffing and Application Programming Interface (API) attacks are becoming increasingly widespread.
“Attackers, as always, choose the most efficient ways to turn a profit. Our weaknesses are their opportunities. We can definitely expect more password login, DoS and API attacks on the horizon,” said Raymond Pompon, Director of F5 Labs.
According to F5 Labs, almost a third (32%) of all F5 SIRT’s annually reported incidents were DoS attacks. However, the percentage is creeping up with DoS attacks accounting for 36% of incidents reported in 2020.
Most DoS attacks are network volumetric floods (commonly known as TCP SYN or UDP floods). F5 SIRT also received reports of ‘Slow POST/Slowloris’ attacks, designed to initiate and keep as many of a victim’s connections open as possible. A total of 19% of reported DoS incidents involved attacks on DNS.
These attacks were most prominent in the APCJ region, accounting for 57% of its reported SIRT incidents. Service providers, educational institutions, public sector organizations and financial firms were the most frequently targeted organizations.