Nexusguard’s real-time data analysis of threats facing enterprise and service-provider networks worldwide shows that the total attack count decreased by 71% compared to the figures recorded in 2HY 2022. However, the average attack size increased by 183%, highlighting the potentially devastating impacts for companies caught in the crosshairs of DDoS actors. 

Not only did attacks have become less frequent, but 68% of attacks were shorter than 90 minutes. The average duration decreased by 45% and 25% HoH and YoY, respectively. Similarly, despite the surge in the average size of attacks, the maximum attack size decreased by 31%, with the most significant attack peaking at 250.0Gbps, compared to 2HY 2022.

The most common attack types in 1HY 2023 were NTP Amplification Attacks and HTTPS Flood Attacks, contributing 28% and 21% of the total attacks, respectively. This is significant because these attack vectors, along with Memcached Attacks (15%), the third most common in 1HY 2023, have very high bandwidth amplification factors, forcing servers to allocate maximum resources to handle the volumetric attack traffic. As a result, legitimate requests cannot get through.

Other key findings include:

• NTP Amplification Attacks: These attacks decreased by 80% compared to the previous half and increased by 660% compared to the same period last year. 
• HTTPS Flood Attacks: These attacks decreased by 39% compared to the previous half but increased by less than 1% compared to the same period last year.
• Attack types: Volumetric (Amplification) attacks contributed 53% of the total attacks, decreasing by 76% compared to the previous half and increasing by 177% year over year. Application attacks represented 27% of the attacks, with a decrease of 39% compared to the previous half and an increase of 15% year over year.
• Attack protocols: UDP and TCP-based attacks dominated, contributing 65%  and 34%, respectively. UDP attacks decreased by 75% compared to the previous half and 19% year over year, while TCP attacks fell by 51% and 15% compared to the previous half and year over year, respectively.
• Attack duration: Most attacks (68%) lasted less than 90 minutes, with 24% exceeding 1,200 minutes. The average attack duration in 1HY 2023 was 68.76 minutes, with the longest attack lasting 24,627.33 minutes.
• Attack sizes: 89% of attacks were smaller than 1Gbps, 10% ranged between 1 and 10Gbps less than 1% were larger than 10Gbps.
• Attack techniques: Single-vector attacks accounted for 91% of all attacks, with "HTTP Flood and HTTPS Flood" being the most commonly used multi-vector attack combination (27%).
• Impact on communication service providers (CSPs): ASN-level CSPs, especially ISPs, continue to be impacted by stealthy, sophisticated Bit-and-Piece Attacks aka Carpet Bombing Attacks, an attack vector Nexusguard first identified in Q3 2018, which involves drip-feeding junk traffic into a large IP pool.

Donny Chong, Director of Nexusguard, said:

“It is abundantly clear that the DDoS threat shows no sign of abating”, said Donny Chong, Director of Nexusguard. “The constant game of cat-and-mouse between attackers and defenders, the shift in tactics and the fact that the average attack size continues to grow means that global organisations are always on the defensive. With an increasing number of DDoS attackers setting their sights on exploiting normal behaviour between network devices and servers to target the networks connected through the internet, investment in robust protection is essential.

“As threats continue to evolve, organisations must proactively adapt to protect digital infrastructure from new types of attack while continuing to combat those tried, tested and effective vectors that continue to wreak havoc across the globe. With more geopolitical upheaval over the past few months, we expect to see further escalation of the DDoS threat in 2HY 2023 and beyond.”

Download the full report here.

About the DDoS Statistical Report for 1HY 2023
Nexusguard observes and collects real-time data on threats facing enterprise and service-provider networks worldwide. Threat intelligence is gathered via attack data, research, publicly available information, Honeypots, internet service providers (ISPs), and logs recording traffic between attackers and their targets. The analysis identifies vulnerabilities and measures attack trends worldwide to view DDoS threats comprehensively. 

Attacks and hacking activities have a major impact on cybersecurity. Because of the comprehensive, global nature of our data sets and observations, Nexusguard can evaluate DDoS events in a manner that is not biased by any single set of customers or industries. Many zero-day threats are first seen on our global research network. These threats, among others, are summarised in the report.

About Nexusguard
Founded in 2008, Nexusguard is a leading distributed denial of service (DDoS) security solution provider fighting malicious internet attacks. Nexusguard ensures uninterrupted internet service, visibility, optimization and performance. Nexusguard is focused on developing and providing the best cybersecurity solution for every client across a range of industries with specific business and technical requirements. Nexusguard also enables communications service providers to deliver DDoS protection solutions as a service. Nexusguard delivers on its promise to provide you with peace of mind by countering threats and ensuring maximum uptime. Visit www.nexusguard.com for more information.

Media contact

Babel PR for Nexusguard
nexusguard@babelpr.com

Nexusguard
media@nexusguard.com