A new cybercriminal campaign known as the ‘Loop DoS’ attack is currently on track to be one of the most prominent threats in the cybersecurity landscape.
A research team has crafted this new method, which targets application layer protocols, effectively catching network services in an endless communication loop, thereby generating massive traffic volumes.
This attack, which leverages the User Datagram Protocol (UDP), can potentially disrupt approximately 300,000 hosts along with their associated networks. The vulnerability exploited by the attack, identified as CVE-2024-2169, is within the implementation of the UDP protocol, which is particularly prone to IP spoofing and lacks sufficient packet verification measures.
By exploiting this vulnerability, malicious actors can create a self-sustaining mechanism that floods the target system or network with overwhelming traffic, leading to a denial-of-service (DoS) condition. Moreover, the new attack relies on IP spoofing, which an unauthorised individual could initiate from a single host with just one message.
The Loop DoS campaign has the potential to impact organisations globally.
Attackers who exploit this vulnerability could achieve various outcomes, such as overloading vulnerable services, causing network outages, or initiating amplification attacks through network loops.
In addition, Loop DoS could affect both outdated and modern protocols critical for essential internet-based functions such as time synchronisation, domain name resolution, and file transfer.
The attack operates by initiating a communication between two application servers, with the attacker spoofing the network address of the victim server. This tactic sets off a chain reaction of error messages between the servers until it depletes all available resources, rendering the servers unresponsive to legitimate requests.
While the researchers have not found evidence of active exploitation, they have alerted affected vendors. The vendors, in turn, have acknowledged the vulnerability in their implementations and are working on patches.
Researchers urge users to apply the latest patches once the vendors release them, disable unnecessary UDP services, and implement TCP or request validation to mitigate the risk of a Loop DoS attack.
Lastly, anti-spoofing solutions with quality-of-service (QoS) measures should be deployed to help limit network traffic and protect against abuse from network loops and DoS amplifications.
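The error-message loop described above, and how request validation or a reply limit ends it, modelled as an added example that is not code from the researchers or any vendor. It runs purely in memory with no network I/O; the toy PING/PONG/ERR protocol, the function names and the reply budget are assumptions made for illustration.

```python
# Added illustration: in-memory model only, no sockets or real packets.
# The toy protocol ("PING"/"PONG"/"ERR") and all names are constructed.

def vulnerable_server(payload):
    """Answers every datagram it does not understand with an error."""
    if payload == "PING":
        return "PONG"
    return "ERR"   # flaw: an incoming "ERR" is itself answered with "ERR"

def validating_server(payload):
    """Request validation: only well-formed requests get a reply."""
    if payload == "PING":
        return "PONG"
    return None    # errors and unsolicited input are dropped silently

def rate_limited(server, budget):
    """Wrap a server so it sends at most `budget` replies (stand-in for a
    per-peer rate limit; a real limiter would refill over time)."""
    remaining = [budget]
    def handler(payload):
        if remaining[0] <= 0:
            return None
        reply = server(payload)
        if reply is not None:
            remaining[0] -= 1
        return reply
    return handler

def simulate(server_a, server_b, first_payload, max_datagrams=1000):
    """Server B receives one datagram whose source address claims to be
    server A; the two servers then answer each other. Returns how many
    datagrams they exchange (trigger not counted), capped at max_datagrams."""
    handlers = {"A": server_a, "B": server_b}
    receiver, payload, exchanged = "B", first_payload, 0
    while exchanged < max_datagrams:
        reply = handlers[receiver](payload)
        if reply is None:
            break              # nobody answers, so the loop ends
        exchanged += 1
        receiver = "A" if receiver == "B" else "B"
        payload = reply
    return exchanged

if __name__ == "__main__":
    print("both vulnerable:", simulate(vulnerable_server, vulnerable_server, "ERR"))
    print("A validates:    ", simulate(validating_server, vulnerable_server, "ERR"))
    print("B rate limited: ", simulate(vulnerable_server,
                                       rate_limited(vulnerable_server, 5), "ERR"))
```

With both servers vulnerable the exchange only stops at the simulation cap, whereas validation on either side or a reply budget bounds it.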