Threat Management, Network Security, Network Security

Attackers leveraging WS-Discovery protocol to amplify attacks

A recently discovered distributed denial of service technique that abuses the Web Services Dynamic Discovery specification is being executed in the wild by multiple threat actors to amplify the effects of their attacks, researchers have warned.

The technique is a User Datagram Protocol (UDP) Amplification technique that involves spoofing requests to the WS-Discovery service. WS-Discovery is a specification designed to facilitate the discovery and connectivity of devices and services on a local network.

A spoofing attack leveraging this protocol causes a targeted internet-based server to send an overwhelming number of responses, using up its bandwidth, explains researchers at Akamai Technologies in a blog post yesterday. Akamai recently detected such an attack against one of its own clients in the gaming industry, states blog author Jonathan Respeto, security intelligence response team engineer at Akamai.

Akamai's SIRT team has determined that WS-Discovery DDoS attacks can generate amplification rates reaching 15,300 percent of the original byte site, giving it the fourth highest reflected amplification factor among all varieties of DDoS attacks. The attack against the gaming company reached a peak bandwidth of 35/Gbps, Respeto notes.

WS-Discovery's role in DDoS attacks was originally disclosed back in August by ZDNet, which at the time reported that in-the-wild attacks exploiting this vector have been taking place as far back as May 2019. Citing internet search engine BinaryEdge, the report at the time said that almost 630,000 devices were confirmed to support the protocol and were therefore vulnerable. Susceptible devices include IP cameras, home appliances, printers, CCTV systems and DVRs, according to the ZDNet and Akamai reports.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.