AVrecon’s existence, with captured devices in 20 countries, has been validated by researchers outside of Lumen. Credit: Postmodern Studio / Shutterstock.

New research published by telecom provider Lumen on Q3 2023 DDoS and Application Threat activity found hackers leveraging more advanced methods to exploit vulnerabilities, exfiltrate data, disrupt business operations and commit fraud.  In the report published this month, Lumen suggests cybercriminals are capitalising on the expansion of the number of connected home devices to build out networks for DDoS and other application attacks.

Lumen’s Black Lotus Labs research arm identified at least 70,000 hijacked SOHO routers and other devices that are part of the AVrecon botnet. AVrecon has been running for over two years without being discovered. AVrecon’s existence, with captured devices in 20 countries, has been validated by researchers outside of Lumen. Leveraging these devices, hackers were able to circumnavigate many threat detection mechanisms, including geolocation-based and IP-addressed-based rate-limiting tools. Attackers used these devices to launch a range of nefarious activities including data exfiltration through Microsoft Outlook and online advertising fraud.  These “sneak attacks” are harder to detect than high profile DDoS incidents that present in a more obvious way. 

Go deeper with GlobalData

Premium Insights

The gold standard of business intelligence.

Find out more

Related Company Profiles

View all

The Lumen research notes the actual number of DDoS attacks against its customers in Q3 dropped 23% from the prior quarter, noting “seasonality” as the cause of the decline, Lumen still blocked 4,217 incidents, an average of 51 per day for the quarter. While Lumen deflected a number of high bandwidth attacks in the first half of the year, the provider saw a 32% decrease in the largest attacks.  However, Lumen saw an increase in average bandwidth size of 54%.  The biggest of these were launched against telcos with the majority coming around the 4 July US holiday weekend time.

The nature of DDoS attacks is also always evolving.  Lumen reported that while the majority of attacks (65%) in Q3 were single vector attacks and there was a 21% decline in multi-vector, the latter was still very common in the banking industry. 

For the first time, banking was the most targeted sector of Lumen’s clients for DDoS attacks, largely because a single day in September when Lumen helped one institution stave off 230 separate attacks. In 21 September 2023, DDoS onslaught, threat actors employed an unprecedented four vector campaign.  These included DNS Amplification, IP Fragmentation, Invalid Packets and Static Filtering. 

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.