<img alt="" src="https://secure.leadforensics.com/89462.png" style="display:none;">

DDoS Threat Report 2020 Q2

A shift in attack tactics by perpetrators in Q2 2020, saw a 570% increase in bit-and-piece attacks compared to the same period last year. Attackers adopted a more elaborate practise of bit-and-piece attacks to launch various amplification and UDP-based attacks to flood target networks with traffic, making detection and mitigation via traditional threshold-based methods all the more difficult for CSPs.

  • Bit-and-piece attacks are taken to a whole new level through blending multiple attacks: Smaller and more complex UDP-based and other amplification attacks were often used to maximize the impact of collateral damage on target networks. Bit-and-piece attacks result from injecting doses of junk traffic of negligible size into a large pool of IP addresses across hundreds of IP prefixes, which eventually paralyze the target when the junk traffic starts to accumulate from different IPs.
  • Harnessing power through blending multiple attack vectors: In the past, attackers have used bit-and-piece attacks with a single attack vector to launch new attacks based on that vector. However, in this quarter, Nexusguard reported a tendency to employ a blend of attack vectors to launch a wider range of UDP-based attacks, intended to increase the level of difficulty for CSPs to detect and differentiate between malicious and legitimate traffic.

There has been an obvious decrease in attack size, with perpetrators opting to employ small-sized attack traffic to attack more IP prefixes /24. This seriously undermines traditional threshold-based detection and mitigation, given that CSPs now need to detect and identify smaller and more complex attack traffic patterns amongst large volumes of legitimate traffic.

As can be seen in Figure, 51.57% of attacks were smaller than 30Mbps. In addition, 4,080 attacks were smaller than 5Mbps, 6,527 attacks were between 5Mbps and 10Mbps, and 9,637 attacks were between 10Mbps and 30Mbps.

You may be interested in

DDoS Threat Report 2020 Q1

In the first quarter of the year, DDoS attacks rose more than 278% compared to Q1 2019 and more than 542% compared to the last quarter. While working from home has become the new norm due to COVID-19 pandemic restrictions, heavy use and reliance of online services ...

DDoS Threat Report 2019 Q4

An unprecedented concentration of DDoS attacks on US networks was observed, with more than 1,000 victims identified in various states. Whether motivated by politics, profiteering, crime or other malicious purposes, attacks were frequent and impactful. What’s more, ...

DDoS Threat Report 2019 Q3

DNSSEC (Domain Name System Security Extensions) remain the main driver of growth of DNS amplification attacks in the quarter, yet our analysts have detected a sharp and concerning rise in TCP SYN Flood attacks. TCP SYN Flood is not a new method, but findings indicate that techniques have grown in...

DDoS Threat Report 2019 Q2

DNS amplification attacks swelled in Q2 2019, with the amplified attacks spiking more than 1,000% compared with Q2 2018. Nexusguard researchers attributed Domain Name System Security Extensions (DNSSEC) with fueling the new wave of DNS amplification attacks, which accounted for more than 65% of t...