In 2019, most frequently seen attacks were UDP floods, SYN floods, and ACK floods, which together accounted for 82% of all DDoS attacks. By contrast, reflection attacks took up only 10%. Compared with 2018, reflection attacks rose slightly in number, but remained small in proportion.
Of all DDoS attacks, 12.5% used a combination of multiple attack methods. By flexibly combining several methods to adapt to different environments of target systems, attackers can initiate large amounts of traffic and exploit vulnerabilities in different protocols and systems, thus bringing their capabilities into full play. On the other side of the fence, defenders find it rather costly to effectively analyze, respond to, and mitigate such distributed attacks involving various protocols and leveraging various resources.
The following figure shows the distribution of super-sized attacks (> 300 Gbps) in 2019. Obviously, SYN floods took the largest slice of the pie, followed by multi-vector attacks that stood at 32%. This posed a great challenge to the performance of cleaning devices, the stability of cleaning lines, and the effectiveness of defense operations.
To be continued.