<img alt="" src="https://secure.leadforensics.com/89462.png" style="display:none;">

DDoS Threat Report 2019 Q3

DNSSEC (Domain Name System Security Extensions) remain the main driver of growth of DNS amplification attacks in the quarter, yet our analysts have detected a sharp and concerning rise in TCP SYN Flood attacks. TCP SYN Flood is not a new method, but findings indicate that techniques have grown in sophistication and have emerged as the third most used attack vector, behind DNS amplification and HTTP flood attacks.

  • SYN Flood reflection not only hits targeted victims, but also can impact innocent users, including individuals, businesses, and other organizations. As a result, bystanders can incur hefty fees for bandwidth consumed by junk traffic, or even suffer from secondary outages.
  • Even plain-vanilla network attacks could be turned into complex, stealthy attacks leveraging advanced techniques, from the bit-and-piece attacks, also known as carpet bombing.
  • Enterprise networks and telcos must take heed of the resurgence of old threats to avoid junk traffic consuming user bandwidth.
2019_Q3

In Type 1 (56.36% of SYN Flood attacks in Q3), an attacker mobilizes a huge number of random, spoofed IP addresses to send an enormous volume of SYN requests to a single IP, causing the victim server to respond with SYN-ACK packets to voluminous malicious requests. In Type 2 (33.24% of SYN Flood attacks in Q3), an attacker leverages a large, fixed pool of real IP addresses (e.g., servers, routers, IoT devices) to generate malicious SYN packets to hit one destination IP per attack. In Type 3 (10.40% of SYN Flood attacks in Q3), multiple, fixed spoofed-source IPs are used to abuse two destination IPs.

You may be interested in

DDoS Threat Report 2020 Q1

In the first quarter of the year, DDoS attacks rose more than 278% compared to Q1 2019 and more than 542% compared to the last quarter. Researchers attribute the sharp rise in incidents to malicious efforts during the COVID-19 pandemic, causing DDoS attacks to inte...

DDoS Threat Report 2019 Q4

An unprecedented concentration of DDoS attacks on US networks was observed, with more than 1,000 victims identified in various states. Whether motivated by politics, profiteering, crime or other malicious purposes, attacks were frequent and impactful. What’s more, ...

DDoS Threat Report 2019 Q2

DNS amplification attacks swelled in Q2 2019, with the amplified attacks spiking more than 1,000% compared with Q2 2018. Nexusguard researchers attributed Domain Name System Security Extensions (DNSSEC) with fueling the new wave of DNS amplification attacks, which accounted for more than 65% of t...

DDoS Threat Report 2019 Q1

Despite the earlier FBI crackdown, the DNS amplification types of DDoS attacks continued to be a favorite of DDoS-for-hire websites, soaring more than 40 times their volume compared to last quarter. The resurgence of DDoS-as-a-service and the growing botnets reinforce the evolving cyber threat of...