More than 90 percent of DDoS attacks rated smaller than one Gbps in size. “Bit-and-piece” attacks continued from last quarter into Q4, employed in many campaigns regardless of the vector utilized. Bit-and-piece attacks beat detection thresholds in that the targeted IP address receives only a small number of responses in each organized campaign, leaving little or no trace. Black-holing all traffic to an entire IP prefix is a costly approach, due to the tactic blocking access to various legitimate services.
- HTTPS attacks ranked third highest in attack popularity, compared to user datagram protocol (UDP) and simple service discovery protocol (SSDP) attacks. An unusual pattern of frequently repeated HTTPS attacks was observed against one customer, occurring nearly every day in December and up to 13 times in one day, demonstrating the attacker’s commitment to disrupting the target’s network for all of December, the busiest time of year for retail and entertainment businesses.
- Attack durations increased more than 175 percent to more than 450 minutes on average compared to last year. Attacks in the quarter were routinely targeted to occur during peak service hours for maximum disruption.
- China held its lead as source of DDoS attacks, with 23 percent of attacks originating in the country and 18 percent originating in the United States.