After the US Federal Bureau of Investigation (FBI) shut down 15 15 largest distributed denial-of-service (DDoS) for hire vendors or booters, the attacks have decreased by 11 percent, according to Nexusguard’s “Q4 2018 Threat Report.”
The report also noted that along with the fewer total attacks, the average size decreased by 85 percent as did the maximum attack size by 24 percent, indicating the FBI crackdown was effective in reducing the global impact of DDoS attacks. Still, Nexusguard, a managed DDoS mitigation service provider, cautions that botnets and demand for DDoS-for-hire services will pave the way for the return of these booter websites.
The report said that the booters were able to generate more than 200,000 DDoS attacks since 2014. Despite the effective crackdown by federal law enforcement on these sites in December 2018, Nexusguard researchers warn that organizations should remain vigilant as other booter services may rise to take their place and attack volume will revive.
The report says that “China held its lead as a source of DDoS attacks, with 23 percent of attacks originating in the country and 18 percent originating in the United States.”
Attack popularity
“Seizing command-and-control servers, booters and other resources has been a big part of the FBI’s fight against cybercrime, but this shutdown only scratches the surface of a global problem,” said Juniman Kasman, chief technology officer for Nexusguard. “While booters are visible targets, businesses must also manage the vulnerabilities that stem from unpatched hardware and software, human error and new attack methods, especially as the footprint of IoT expands.”
The report also found out that HTTPS attacks ranked third highest in attack popularity, compared to user datagram protocol (UDP) and simple service discovery protocol (SSDP) attacks.
“An unusual pattern of frequently repeated HTTPS attacks was observed against one customer, occurring nearly every day in December and up to 13 times in one day, demonstrating the attacker’s commitment to disrupting the target’s network for all of December, the busiest time of year for retail and entertainment businesses,” the report says.
Attack duration
Attack durations increased more than 175 percent to more than 450 minutes on average compared to last year. Attacks in the quarter were routinely targeted to occur during peak service hours for maximum disruption.
The quarterly report, which measures thousands of DDoS attacks around the world, showed that DDoS-for-hire websites represent the legal loopholes from website and network ownership, as well as IoT (Internet of Things) devices and rapidly changing infrastructure that allows hackers to exploit vulnerabilities before owners or manufacturers can thwart them.
More than 90 percent of DDoS attacks rated smaller than one Gbps in size. “Bit-and-piece” attacks continued from last quarter into Q4, employed in many campaigns regardless of the vector utilized. Bit-and-piece attacks beat detection thresholds in that the targeted IP address receives only a small number of responses in each organized campaign, leaving little or no trace. Black-holing all traffic to an entire IP prefix is a costly approach, due to the tactic blocking access to various legitimate services.
Nexusguard’s quarterly DDoS threat research measures attack data from botnet scanning, honeypots, communications service providers (CSPs) and traffic moving between attackers and their targets to help companies identify vulnerabilities and stay informed about global cyber security trends.
The report also noted that along with the fewer total attacks, the average size decreased by 85 percent as did the maximum attack size by 24 percent, indicating the FBI crackdown was effective in reducing the global impact of DDoS attacks. Still, Nexusguard, a managed DDoS mitigation service provider, cautions that botnets and demand for DDoS-for-hire services will pave the way for the return of these booter websites.
The report said that the booters were able to generate more than 200,000 DDoS attacks since 2014. Despite the effective crackdown by federal law enforcement on these sites in December 2018, Nexusguard researchers warn that organizations should remain vigilant as other booter services may rise to take their place and attack volume will revive.
The report says that “China held its lead as a source of DDoS attacks, with 23 percent of attacks originating in the country and 18 percent originating in the United States.”
Attack popularity
“Seizing command-and-control servers, booters and other resources has been a big part of the FBI’s fight against cybercrime, but this shutdown only scratches the surface of a global problem,” said Juniman Kasman, chief technology officer for Nexusguard. “While booters are visible targets, businesses must also manage the vulnerabilities that stem from unpatched hardware and software, human error and new attack methods, especially as the footprint of IoT expands.”
The report also found out that HTTPS attacks ranked third highest in attack popularity, compared to user datagram protocol (UDP) and simple service discovery protocol (SSDP) attacks.
“An unusual pattern of frequently repeated HTTPS attacks was observed against one customer, occurring nearly every day in December and up to 13 times in one day, demonstrating the attacker’s commitment to disrupting the target’s network for all of December, the busiest time of year for retail and entertainment businesses,” the report says.
Attack duration
Attack durations increased more than 175 percent to more than 450 minutes on average compared to last year. Attacks in the quarter were routinely targeted to occur during peak service hours for maximum disruption.
The quarterly report, which measures thousands of DDoS attacks around the world, showed that DDoS-for-hire websites represent the legal loopholes from website and network ownership, as well as IoT (Internet of Things) devices and rapidly changing infrastructure that allows hackers to exploit vulnerabilities before owners or manufacturers can thwart them.
More than 90 percent of DDoS attacks rated smaller than one Gbps in size. “Bit-and-piece” attacks continued from last quarter into Q4, employed in many campaigns regardless of the vector utilized. Bit-and-piece attacks beat detection thresholds in that the targeted IP address receives only a small number of responses in each organized campaign, leaving little or no trace. Black-holing all traffic to an entire IP prefix is a costly approach, due to the tactic blocking access to various legitimate services.
Nexusguard’s quarterly DDoS threat research measures attack data from botnet scanning, honeypots, communications service providers (CSPs) and traffic moving between attackers and their targets to help companies identify vulnerabilities and stay informed about global cyber security trends.