A series of large-scale Distributed Denial of Service (DDoS) attacks originating in Singapore has slammed thousands of websites, leaving website users and administrators stunned at their scale.
The attacks are currently flooding websites while local and edge firewalls work overtime to block the bad requests.
The bot-coordinated assault, identified through several IP reporting databases and webmasters, has raised concerns about the increasing sophistication of cyber threats.
The IPs involved in the attacks are:
- 43.134.35.92
- 43.156.12.221
- 124.156.207.67
- 129.226.215.97
Cloudflare logs report the IPs are linked to the Autonomous System Number (ASN) AS132203, associated with Tencent-NET-AP-CN, located at Tencent Building, Kejizhongyi Avenue.
The user agent identified during the attacks is reported as Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Firefox/70.0.276.73 Safari/537.36. This suggests that the attackers may have employed a blend of user agents to obfuscate their activities.
Cloudflare logs also show that the attacks utilised HTTP/2, indicating a level of sophistication in the execution. The use of this protocol allows attackers to amplify the impact of their assault, potentially overwhelming targeted servers and networks more efficiently.
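For administrators triaging their own access logs, the following added example (not from the article or from Cloudflare) matches log lines against the IPs, ASN and user agent reported above and flags Firefox user agents that carry WebKit tokens or a four-part version. The JSON field names (ip, asn, ua), the two-indicator threshold and the sample lines are assumptions constructed for illustration, and the user-agent checks are a heuristic.

```python
import json
import re
from collections import Counter

# Indicators quoted in the article.
REPORTED_IPS = {"43.134.35.92", "43.156.12.221", "124.156.207.67", "129.226.215.97"}
REPORTED_ASN = 132203
ARTICLE_UA = ("Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 "
              "(KHTML, like Gecko) Firefox/70.0.276.73 Safari/537.36")
FIREFOX_RE = re.compile(r"Firefox/([\d.]+)")

def ua_anomalies(ua):
    """Heuristic: reasons a User-Agent claiming desktop Firefox looks forged."""
    m = FIREFOX_RE.search(ua)
    checks = [
        ("firefox-with-webkit", "AppleWebKit/" in ua),  # Firefox is Gecko-based
        ("firefox-without-gecko", "Gecko/" not in ua or "rv:" not in ua),
        ("chrome-style-version", bool(m) and m.group(1).count(".") >= 3),
    ]
    return [name for name, bad in checks if m and bad]

def classify(entry):
    """Return the article indicators that one parsed log entry matches."""
    hits = ua_anomalies(entry.get("ua", ""))
    hits += ["reported-ip"] if entry["ip"] in REPORTED_IPS else []
    hits += ["reported-asn"] if entry.get("asn") == REPORTED_ASN else []
    return hits

def triage(lines, min_hits=2):
    """Count requests per source IP for log lines matching >= min_hits indicators."""
    flagged = Counter()
    for line in lines:
        try:
            entry = json.loads(line)
            if len(classify(entry)) >= min_hits:
                flagged[entry["ip"]] += 1
        except (ValueError, KeyError, TypeError, AttributeError):
            continue  # skip malformed lines
    return flagged

# Constructed sample log lines; the field names are hypothetical.
REAL_FIREFOX_UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:70.0) Gecko/20100101 Firefox/70.0"
SAMPLE = [json.dumps(dict(zip(("ip", "asn", "ua"), row))) for row in (
    ("43.134.35.92", 132203, ARTICLE_UA),      # listed IP, listed ASN, forged UA
    ("203.0.113.9", 64500, ARTICLE_UA),        # unlisted IP, same forged UA
    ("198.51.100.7", 64501, REAL_FIREFOX_UA),  # genuine Firefox
    ("192.0.2.44", 132203, "curl/8.5.0"),      # ASN match alone: below threshold
)] + ["not json"]
```

Running triage(SAMPLE) flags the listed address and also the unlisted source that sends the same malformed user agent, while the genuine Firefox client and the ASN-only match stay below the threshold.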
According to user reports on abuseipdb.com, the nature of the attacks appears to involve brute force password attacks and SSH port attacks.
These methods aim to exploit vulnerabilities in website security by repeatedly attempting to gain unauthorised access through password guessing or targeting specific ports used for secure shell (SSH) connections.
Website administrators and cybersecurity experts are urging affected parties to take immediate action to mitigate the impact of these attacks.
Recommendations include implementing DDoS mitigation measures, such as leveraging DDoS protection services, configuring firewalls, and collaborating with hosting providers to enhance overall security.
Subscribers with a Cloudflare Bot Management account receive automatic mitigation for the identified attack, ensuring enhanced security and uninterrupted website functionality.
Last year, a distributed denial-of-service attack was identified as the cause of an online service outage that affected several public healthcare institutions in Singapore.
And the attacks are continuing, according to national healthtech agency Synapxe, which is responsible for the IT operations that support the country’s public healthcare network.
The network encompasses 46 public healthcare institutions, such as hospitals and polyclinics, and 1,400 community partners that include nursing homes and general practitioners.