Total distributed denial of service (DDoS) attacks increased by 29 percent in Q2 2018 when compared to the same period last year, a new report said.
It’s not just the number of DDoS attacks that are alarming, it’s the size. For the period, average-size attacks (26.4Gbps) showed a year-over-year increase of 543 percent while maximum-size attacks (359Gbps) rose from last year by 464 percent, Nexusguard said in its newly released DDoS Threat Report 2018 Q2.
Communication service providers (CSPs), positioned as the medium between the attackers and the target’s servers and network infrastructure, bore the brunt of the spike in traffic assaults, the report said.
What accounts for the dramatic increase? The ability of attackers to marshal thousands of unsecured Internet of Things (IoT) devices into a zombie army, Nexusguard’s data showed. “In the quarter we saw an increase in both the average and maximum size of attacks over Q4 2017, and our insecure cyberworld became a target-rich battlefield: The 2018 FIFA World Cup came under attack, while cryptocurrency-related businesses continued to be targeted."
A case in point is the Satori botnet, a variant of the notorious Mirai assault that brought the Internet to its knees and infected more than 2.5 million IoT devices and systems worldwide in 2016. “Since its high-profile attack on Huawei home routers in December 2017, Satori has wreaked havoc over the past few months on various IoT devices,” Nexusguard said. “Additionally, the quarter saw the emergence of the Anarchy botnet, which exploited zero-day vulnerabilities in a similar fashion as Satori.”
Here are some stats:
- The top three attack vectors were User Datagram Protocol (UDP), which saps host resources and can render them inaccessible; Transmission Control Protocol Synchronized Packet (TCP SYN), when voluminous SYN requests with spoofed IP addresses are sent out; and, Internet Control Mechanism Protocol (ICMP) attacks, when request packets from spoofed IP addresses overload targeted servers.
- For the quarter, UDP attacks were up nearly 32 percent, TCP SYN rose by 18.5 percent, and ICMP climbed a little more than nine percent. The combined total of the three largest attack types is about 60 percent of overall attacks. Multi-vector attacks accounted for 48 percent of the total observed in the quarter, while single vector attacks accounted for 52 percent, with six vectors the maximum.
- In Q2, pure or blended TCP SYN attacks played a crucial role in boosting attack sizes in the quarter.
- Attacks lasting less than 90 minutes occupied 55 percent of the total, while those lasting longer accounted for 45 percent. Of the latter, about five percent extended past 1,200 minutes. The average duration was 318 minutes, while the longest attack lasted six days, five hours, and 22 minutes.
- Of total attacks, 64 percent were smaller than 10Gbps. The average size was 26.4Gbps and the maximum 359Gbps. Attacks smaller than 1Gbps made up about 20 percent while those ranging between 1Gbps and 10Gbps accounted for 45 percent.
- The U.S. (20 percent) and China (16.3 percent) were the top two global attack source regions. France followed in the third spot (7.3 percent), with Germany and Russia (each at 4.2 percent) making up the top five.
“Attackers remained largely focused on hit-and-run tactics, launching carefully timed attacks to strike during peak hours critical to their targets’ revenue-generating objectives,” the report concluded. “In light of today’s rampant growth of large-scale DDoS attacks, should take steps to enhance their preparedness to protect bandwidth, especially if their infrastructures are not built for full redundancy and failover.”