2020 Mid-Year DDoS Attack Landscape Report-4

2020 DDoS Attack Report cover by NSFOCUS.

At 17:00 on May 20, the NSFOCUS SOC detected an abnormal traffic alert in the global monitoring center: the IP addresses of a customer from Hong Kong were under attack, and the attack peaked at 634.6 Gbps. At the time this report was written, this was the largest of all attacks targeting NSFOCUS’s customers. According to IP gang intelligence from NSFOCUS Threat Intelligence (“NTI”), large numbers of the source IP addresses involved in the attack were controlled by IPGang01, an IP gang we have continuously monitored. We elaborate on it in the following “attack gangs” chapter.


Gang attacks are large-scale attacks with high similarity in attack resources, attack techniques, and attack goals. Unlike common attack events initiated by individual attackers, gang attacks usually pursue economic profit or information breach. Gang analysis can offer significant insight into DDoS events and help us take action in advance.

In the first half of 2020, we monitored 15 IP gangs. The following figure compares the features of the various gangs, arranged from top to bottom in reverse order of the number of members. A typical example is IPGang01, which is described in detail in the following part.


As the largest gang within our monitoring scope, IPGang01 contains 217,000 attack sources and 130,000 monthly active resources. It was active on 164 days in the first half of 2020. During this period, it launched 58,000 attacks against 1366 targets, generating 13,000 Tb of traffic in total. The distribution of attack features is shown in the following chart.


The gang was most active in March, when it launched 60% of the attack events. Its attacks were most lethal in May: the above-mentioned attack with the maximum peak of 636 Gbps on May 20 was initiated by the gang. In this attack, SYN floods contributed 33.82% of traffic.


Link: https://nsfocusglobal.com/2020-mid-year-ddos-attack-landscape-report/
