<img alt="" src="https://secure.leadforensics.com/89462.png" style="display:none;">

DDoS Threat Report 2018 Q4

More than 90 percent of DDoS attacks rated smaller than one Gbps in size. “Bit-and-piece” attacks continued from last quarter into Q4, employed in many campaigns regardless of the vector utilized. Bit-and-piece attacks beat detection thresholds in that the targeted IP address receives only a small number of responses in each organized campaign, leaving little or no trace. Black-holing all traffic to an entire IP prefix is a costly approach, due to the tactic blocking access to various legitimate services.

  • HTTPS attacks ranked third highest in attack popularity, compared to user datagram protocol (UDP) and simple service discovery protocol (SSDP) attacks. An unusual pattern of frequently repeated HTTPS attacks was observed against one customer, occurring nearly every day in December and up to 13 times in one day, demonstrating the attacker’s commitment to disrupting the target’s network for all of December, the busiest time of year for retail and entertainment businesses.
  • Attack durations increased more than 175 percent to more than 450 minutes on average compared to last year. Attacks in the quarter were routinely targeted to occur during peak service hours for maximum disruption.
  • China held its lead as source of DDoS attacks, with 23 percent of attacks originating in the country and 18 percent originating in the United States.
2018_Q4

 

 

The concentration of HTTPS attacks has caught our attention. In a rampant attack case, one of our
customers was targeted throughout most days of December except two days. The durations of attacks on the victim network ranged from 28.95 minutes to 1493.93 minutes. An average of 13 attacks were logged within a day. It is believed that the attacker meant to take the network down throughout December—a traditional peak season for retail and entertainment.

You may be interested in

DDoS Threat Report 2020 Q1

In the first quarter of the year, DDoS attacks rose more than 278% compared to Q1 2019 and more than 542% compared to the last quarter. Researchers attribute the sharp rise in incidents to malicious efforts during the COVID-19 pandemic, causing DDoS attacks to inte...

DDoS Threat Report 2019 Q4

An unprecedented concentration of DDoS attacks on US networks was observed, with more than 1,000 victims identified in various states. Whether motivated by politics, profiteering, crime or other malicious purposes, attacks were frequent and impactful. What’s more, ...

DDoS Threat Report 2019 Q3

DNSSEC (Domain Name System Security Extensions) remain the main driver of growth of DNS amplification attacks in the quarter, yet our analysts have detected a sharp and concerning rise in TCP SYN Flood attacks. TCP SYN Flood is not a new method, but findings indicate that techniques have grown in...

DDoS Threat Report 2019 Q2

DNS amplification attacks swelled in Q2 2019, with the amplified attacks spiking more than 1,000% compared with Q2 2018. Nexusguard researchers attributed Domain Name System Security Extensions (DNSSEC) with fueling the new wave of DNS amplification attacks, which accounted for more than 65% of t...

DDoS Threat Report 2019 Q1

Despite the earlier FBI crackdown, the DNS amplification types of DDoS attacks continued to be a favorite of DDoS-for-hire websites, soaring more than 40 times their volume compared to last quarter. The resurgence of DDoS-as-a-service and the growing botnets reinforce the evolving cyber threat of...