2018 DDoS Attack Landscape-1

2018 DDoS Attack Landscape-1

April 5, 2019 | Mina Hao

NSFOCUS Security Lab research has seen a dramatic decrease in DDoS attacks between 2017 and 2018.  We are in consensus with other TI vendors  as to most of the driving factors behind this large scale reduction, except one. This webinar 1 will show why NSFOCUS is breaking from the pack on one of the key factors leading to the significant decrease in DDoS attacks in 2018.

Executive Summary

2018 witnessed transformations in every corner of both cyberspace and the real world driven by the every quickening growth of the Internet as well as the implementation of revolutionary and evolutionary technologies related to cloud computing, big data, artificial intelligence (AI), Internet of things (IoT), and Industry 4.0.2 Every one of these exerted a continuous and extensive influence upon people’s livelihood, business development, and national strengths. Amid fast technological innovations, the threats facing netizens and cyberspace are also changing and escalating.

Technological and industrial environments are changing, leading to much different battlefields between the offensive and defensive than before. Cyberattack methods and their intensity keep evolving and upgrading, making it easier to launch DDoS attacks, which have never stopped since they made their debut.

In February 2018, an IPv6 DDoS attack targeting DNS servers was spotted, making it the first documented attack of its type. According to Neustar, a DNS service provider, hackers are deploying new methods for IPv6 attacks, not simply replicating IPv4 attacks using IPv6 protocols.3 In March 2018, GitHub, a well-known code hosting website, was hit by a DDoS attack that peaked at 1.35 Tbps. It was reported that the attack group behind this attack used artificial intelligence (AI) and machine learning algorithms to automatically amplify the amount of traffic based on the distributed memory caching system Memcached. At the time of writing, the largest DDoS attack based on Memcached was recorded at 1.7 Tbps.4

The effectiveness of attack methods and the convenience of profit-making are major contributors to the long-lived DDoS attacks, which, together with cryptomining, have topped the list of attacks most favored by attackers in the past two years. The Cybersecurity Law of the People’s Republic of China came into force in 2017 and then the second half of the year saw a sharp rise in the value of cryptocurrency represented by Bitcoin. In this context, prime botnet resources available in the black market began to be switched from comparatively costly DDoS attacks to cost-efficient cryptomining activities. The fluctuation of Bitcoin prices has a direct bearing on DDoS attack traffic. In 2018, we found that attackers were more inclined to launch DDoS attacks when the short-term benefits from cryptomining activities declined. Profits are the permanent pursuit of attackers, who always take DDoS as a handy weapon. Defenders cannot afford to overlook such a fact.

Chapter 2 compares DDoS attack situations in 2017 and 2018 and sums up major characteristics of DDoS attacks in 2018. Chapter 3 presents DDoS changes seen by NSFOCUS in 2018 reflected in the attack traffic, frequency, and size through a multidimensional analysis of attack sources, attack types, attack durations, geographic distribution of attacks, participation of IoT devices, and distribution of attack targets by industry, in a bid to help organizations and agencies improve their network defense techniques and systems.




4  https://www.wired.com/story/github-ddos-memcached/

To be continued