<img alt="" src="https://secure.leadforensics.com/89462.png" style="display:none;">

DDoS Threat Report 2017 Q3

A significant rise in network time protocol (NTP) amplification attacks – 10 times more than the same period in last year.

  • The volume of NTP Amplification attacks rose some 425% over Q2, with the largest recorded size of 25Gbps and 7Mpps.
  • Overall, the number of attacks increased 15.6% compared to Q2.
  • UDP-based attacks jumped sharply (68.7%) over Q2, a finding consistent with the focus of last quarter’s threat report.
  • UDP-based Flood, NTP Amplification, and HTTP Flood were the three most common vectors, respectively constituting 21.6, 15.2, and 12.8% of total attack vectors in the quarter.
  • Multi-vector attacks were predominant with 54.7% of the total. The most popular multi-vectors combined two vectors, most notably UDP-Flood blended with NTP Amplification, TCP SYN Flood, and ICMP Flood.


The sharp rise in UDP-based attacks (3,069 in Q2 vs. 5,176 in Q3 — a 68.7% increase) contributed largely to the rise in total attacks. The upsurge was in line with the quarterly focus in our Q2 threat report. UDP-based attacks, including
NTP Amplification, SSDP Amplification, and DNS Amplification also showed upward trends, accounting for an increase of approximately 425.4, 353.6, and 101.0%, respectively, between Q2 and Q3.

You may be interested in

DDoS Threat Report 2020 Q1

In the first quarter of the year, DDoS attacks rose more than 278% compared to Q1 2019 and more than 542% compared to the last quarter. Researchers attribute the sharp rise in incidents to malicious efforts during the COVID-19 pandemic, causing DDoS attacks to inte...

DDoS Threat Report 2019 Q4

An unprecedented concentration of DDoS attacks on US networks was observed, with more than 1,000 victims identified in various states. Whether motivated by politics, profiteering, crime or other malicious purposes, attacks were frequent and impactful. What’s more, ...

DDoS Threat Report 2019 Q3

DNSSEC (Domain Name System Security Extensions) remain the main driver of growth of DNS amplification attacks in the quarter, yet our analysts have detected a sharp and concerning rise in TCP SYN Flood attacks. TCP SYN Flood is not a new method, but findings indicate that techniques have grown in...

DDoS Threat Report 2019 Q2

DNS amplification attacks swelled in Q2 2019, with the amplified attacks spiking more than 1,000% compared with Q2 2018. Nexusguard researchers attributed Domain Name System Security Extensions (DNSSEC) with fueling the new wave of DNS amplification attacks, which accounted for more than 65% of t...

DDoS Threat Report 2019 Q1

Despite the earlier FBI crackdown, the DNS amplification types of DDoS attacks continued to be a favorite of DDoS-for-hire websites, soaring more than 40 times their volume compared to last quarter. The resurgence of DDoS-as-a-service and the growing botnets reinforce the evolving cyber threat of...