A newly identified threat dubbed Black Storm could wreak havoc on communications service provider (CSP) networks.
In a typical DDoS amplification attack, the attackers rely on DNS servers or other open services. What makes a Black Storm attack both interesting and scary is that attackers can leverage any device connected to the internet. The volume from one Black Storm attack could take down medium- to large-sized enterprises in a clean sweep and severely cripple a large-scale CSP network.
Black Storm attacks are easier to carry out than amplification attacks and could quickly dominate. Attackers could mount a Black Storm attack by using a so-called BlackNurse attack reflectively. BlackNurse attacks are a form of DoS attack based on ICMP flooding.
By sending spoofed UDP requests to closed UDP ports on devices connected to a CSP, the attacker causes the replies to be reflected back into the CSP network toward the spoofed source addresses, much as ping replies return to the ping sources in BlackNurse attacks. The devices respond with destination port unreachable responses. As more devices continue to respond to the spoofed source IP, the volume of responses completely overwhelms the targeted CSP network, and the result is a Black Storm attack.
The researchers are advising CSPs to perform regular vulnerability scanning, apply access control to routers and use deep learning-based detection methods. The deep learning approaches can assist CSPs in analyzing data quickly and accurately while overcoming the inefficiencies inherent in threshold or signature-based methods.
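The reflection described above leaves a signal a CSP can check at its edge: port unreachable responses arriving for UDP datagrams the addressed host never sent. The sketch below is an added example, not the researchers' deep learning method or any vendor's code; the record format, function name, window and reflector count are assumptions, and the flow records are constructed.

```python
from collections import defaultdict

# Constructed flow records (documentation address ranges), not real traffic:
# (timestamp, kind, src, dst, udp_port)
#   "udp_out"         - UDP datagram leaving the CSP network
#   "icmp_unreach_in" - inbound ICMP destination port unreachable; udp_port is
#                       the port of the UDP datagram quoted in the ICMP error
SAMPLE = [
    (0.0, "udp_out", "198.51.100.20", "192.0.2.53", 9999),
    (0.1, "icmp_unreach_in", "192.0.2.53", "198.51.100.20", 9999),
    (1.0, "icmp_unreach_in", "203.0.113.1", "198.51.100.10", 40000),
    (1.1, "icmp_unreach_in", "203.0.113.2", "198.51.100.10", 40000),
    (1.2, "icmp_unreach_in", "203.0.113.3", "198.51.100.10", 40000),
    (1.3, "icmp_unreach_in", "203.0.113.4", "198.51.100.10", 40000),
]

def find_reflection_victims(records, window=5.0, min_reflectors=3):
    """Return {internal_host: set(reflectors)} for hosts that receive port
    unreachables they never solicited from many distinct senders."""
    sent = {}                   # (host, remote, port) -> time of last UDP sent
    hits = defaultdict(list)    # host -> [(time, reflector)], unsolicited only
    for ts, kind, src, dst, port in sorted(records, key=lambda r: r[0]):
        if kind == "udp_out":
            sent[(src, dst, port)] = ts
        elif kind == "icmp_unreach_in":
            last = sent.get((dst, src, port))
            if last is None or ts - last > window:
                hits[dst].append((ts, src))
    victims = {}
    for host, events in hits.items():
        best, start = set(), 0
        for end in range(len(events)):
            # shrink the window until it spans at most `window` seconds
            while events[end][0] - events[start][0] > window:
                start += 1
            seen = {reflector for _, reflector in events[start:end + 1]}
            if len(seen) > len(best):
                best = seen
        if len(best) >= min_reflectors:
            victims[host] = best
    return victims

if __name__ == "__main__":
    for host, reflectors in find_reflection_victims(SAMPLE).items():
        print(host, "unsolicited port unreachables from", sorted(reflectors))
```

The host at 198.51.100.20 is not flagged because its single port unreachable answers a UDP datagram it actually sent.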