
DDoS Threat Report 2016 Q2

With an 83% increase in attacks over the previous quarter, Q2 2016 has been rather active. For starters, there was an all-out, relentless two-day assault on a Russian telecom targeting 51,630 IPs on the Starlink network (note the big spike in the diagram below). The information we currently have allows us only to speculate on the root cause. But we note that the attack took place at about the same time that Ukrainian hacktivists were seen bragging to the media about hacking into Russian video feeds and identifying Russian soldiers in eastern Ukraine. There’s plenty of data to back up this observation. The victims of the Starlink attack have been identified as various organizations inside Russia, including an energy products company, a bank, a medical device manufacturer, a clinic, and the internal communications services of the Starlink network itself.

[Diagram: 2016_Q2]

The data we observed in the quarter indicates that many attack tools are scripted and have set duration values. A good example: the DNS attacks bunched together in dark bands in the diagram above are clearly the result of specific time-set values. We also saw that the mean duration of SSDP attacks in APAC was almost double the global mean. The same can be said of NTP attacks, which had a mean duration of 536 seconds in APAC vs. 337 seconds globally this quarter. In short, NTP attacks are not only more popular in APAC, they also tend to last a lot longer.
