The DDoS Statistical Report for 1HY 2023 shows significant changes in attack patterns and trends in the first half of 2023, revealing details of attack size, duration, types, categories, distribution and targets.
The most common attack types in 1HY 2023 were NTP Amplification Attacks and HTTPS Flood Attacks, contributing 28% and 21% of the total attacks, respectively. This is significant because these attack vectors, along with Memcached Attacks (15%), the third most common in 1HY 2023, have very high bandwidth amplification factors, forcing servers to allocate maximum resources to handle the volumetric attack traffic. As a result, legitimate requests cannot get through.
Other key findings include:
- NTP Amplification Attacks: These attacks decreased by 80% compared to the previous half but increased by 660% compared to the same period last year.
- HTTPS Flood Attacks: These attacks decreased by 39% compared to the previous half but increased by less than 1% compared to the same period last year.
- Attack types: Volumetric (Amplification) attacks contributed 53% of the total attacks, decreasing by 76% compared to the previous half and increasing by 177% year over year. Application attacks represented 27% of the attacks, with a decrease of 39% compared to the previous half and an increase of 15% year over year.
- Attack protocols: UDP and TCP-based attacks dominated, contributing 65% and 34%, respectively. UDP attacks decreased by 75% compared to the previous half and 19% year over year, while TCP attacks fell by 51% and 15% compared to the previous half and year over year, respectively.
- Attack duration: Most attacks (68%) lasted less than 90 minutes, with 24% exceeding 1,200 minutes. The average attack duration in 1HY 2023 was 68.76 minutes, with the longest attack lasting 24,627.33 minutes.
- Attack sizes: 89% of attacks were smaller than 1 Gbps, 10% ranged between 1 and 10 Gbps, and less than 1% were larger than 10 Gbps.
- Attack techniques: Single-vector attacks accounted for 91% of all attacks, with "HTTP Flood and HTTPS Flood" being the most commonly used multi-vector attack combination (27%).
- Attack impact on communication service providers (CSPs): ASN-level CSPs, especially ISPs, continue to be impacted by stealthy, sophisticated Bit-and-Piece Attacks (also known as Carpet Bombing Attacks), which involve drip-feeding junk traffic into a large IP pool.