2020 Marked a Renaissance in DDoS Attacks
Amid the global pandemic, cybercriminals ramped up use of one of the oldest attack techniques around.
Distributed denial-of-service (DDoS) attacks have been a staple of adversary toolkits longer than perhaps any other attack technique. Yet it s popularity among cybercriminals shows no signs of abating.
In fact, 2020 witnessed what some vendors are describing as a renaissance of the venerable attack technique. Amid major changes fostered by a global pandemic, cybercriminals deployed more DDoS attacks against more organizations in more industries than any time before. DDoS attacks became larger in volume, and the number of attacks exceeding 50 Gbps increased sharply as well.
The researchers were able to independently verify the vulnerability and exploit it in multiple ways to gain root privileges on Debian 10 with sudo 1.8.27; Ubuntu 20.04 and sudo 1.8.31; and Fedora 33 with sudo 1.9.2, according to Qualys. Other operating systems and distributions are likely vulnerable to the same issue.
No mitigations are available for the threat. Qualys recommends that all organizations using Unix and Linux distributions with sudo-enabled in them immediately implement vendor supplied patches or upgrade to sudo 1.9.5p2, the latest version of the utility. It was released this week. Patching is the only option, says Mehul Revankar, vice president of product management and engineering at Qualys.