<img alt="" src="https://secure.leadforensics.com/89462.png" style="display:none;">

DDoS Threat Report 2016 Q3

In Q3 2016, reflection-based DDoS attacks decreased, while botnets picked up more headlines. The quarter did, however, see a few notable DDoS attacks that made international news: one targeting Brian Krebs, a journalist covering the cybercrime beat, and another hitting OVH, an Internet hosting provider. Both attacks utilized botnets, which isn’t rare, although the speeds with which they were launched were unprecedented for botnets. A branch of the jgamblins github containing the source code can be seen here: https://github.com/kingtuna/Mirai-Source- Code. The botnet (Mirai) consisted of systems that were on-boarded via telnet password cracking in a process that the coder described as a real-time load. It’s interesting that the botnet used GOLang to control the environment (we switched over C for our service emulation).

Overall, the quarter was characterized by a daily downtick in the average number(1269) of reflection-based DDoS attacks, a decrease on nearly 40%.

2016_Q3

 

 

Q3 2016 said goodbye to UnrealTournament- and Sentinel-based attacks, although the number of attacks for both services was pretty small to begin with. Just as in Q2, NTP continued to reign supreme as the go-to tool for Q3 DDoS attacks in Asia. During the quarter NTP accounted for 90% of all reflective attacks — well above the global average of 66%. Chargen — NTP’s nearest “competitor” — accounted for only 6% of attacks.

You may be interested in

DDoS Threat Report 2020 Q1

In the first quarter of the year, DDoS attacks rose more than 278% compared to Q1 2019 and more than 542% compared to the last quarter. Researchers attribute the sharp rise in incidents to malicious efforts during the COVID-19 pandemic, causing DDoS attacks to inte...

DDoS Threat Report 2019 Q4

An unprecedented concentration of DDoS attacks on US networks was observed, with more than 1,000 victims identified in various states. Whether motivated by politics, profiteering, crime or other malicious purposes, attacks were frequent and impactful. What’s more, ...

DDoS Threat Report 2019 Q3

DNSSEC (Domain Name System Security Extensions) remain the main driver of growth of DNS amplification attacks in the quarter, yet our analysts have detected a sharp and concerning rise in TCP SYN Flood attacks. TCP SYN Flood is not a new method, but findings indicate that techniques have grown in...

DDoS Threat Report 2019 Q2

DNS amplification attacks swelled in Q2 2019, with the amplified attacks spiking more than 1,000% compared with Q2 2018. Nexusguard researchers attributed Domain Name System Security Extensions (DNSSEC) with fueling the new wave of DNS amplification attacks, which accounted for more than 65% of t...

DDoS Threat Report 2019 Q1

Despite the earlier FBI crackdown, the DNS amplification types of DDoS attacks continued to be a favorite of DDoS-for-hire websites, soaring more than 40 times their volume compared to last quarter. The resurgence of DDoS-as-a-service and the growing botnets reinforce the evolving cyber threat of...