2018 DDoS Attack Landscape

2018 witnessed transformations in every corner of both cyberspace and the real world driven by the ever quickening growth of the Internet as well as the implementation of revolutionary and evolutionary technologies related to cloud computing, big data, artificial intelligence (AI), Internet of things (IoT), and Industry 4.0. In this report we compare DDoS attack situation in 2017 and 2018 and sum up major characteristics of DDoS attacks in 2018. This report also presents DDoS changes seen by NSFOCUS in 2018 reflected in the attack traffic, frequency, and size through a multidimensional analysis of attack sources, attack types, attack durations, geographic distribution of attacks, participation of IoT devices, and distribution of attack targets by industry, in a bid to help organizations and agencies improve their network defense techniques and systems

Key Findings of This Report Include:

  • Attackers were more inclined to launch DDoS attacks when the short-term benefits from cryptomining activities declined in 2018.
  • Of all internet attack types, 25% of attackers were recidivists responsible for 40% of all attack events. The proportion of recidivists in DDoS attacks decreased in 2018, making up about 7% of DDoS attackers that launched 12% of attack events.
  • The total number of DDoS attacks in 2018 reached 148,000, down 28.4% from 2017, driven by effective protections against reflection attacks.
  • Cloud services/IDCs, gaming, and e-commerce were the top 3 industries targeted by attackers.
  • In 2018, the most frequently seen attacks were SYN flood, UDP flood, ACK flood, HTTP flood, and HTTPS flood attacks3, which altogether accounted for 96% of all DDoS attacks.
  • Of all DDoS attacks, 13% used a combination of multiple attack methods. The other 87% were single-vector attacks.