Key Findings – 5 The Number of DDoS Attacks on Healthcare, Education, and Government Sectors Increased Significantly During the COVID-19 Pandemic The healthcare sector suffered more DDoS attacks during the COVID-19 pandemic than previous years. According to statistics2, the number of attacks in each month in 2020 H2 increased year on year, with March and […]

Active Families

• Gafgyt

As one of the largest IoT DDoS families, Gafgyt compromises such devices as routers and cameras by means of password cracking and exploits to receive C&C commands and launch DDoS attacks.

In 2019, the Gafgyt family continued to be active, mainly targeting North America, Europe, and Australia. The number of Gafgyt-based malware increased fourfold compared with 2018 and the
average daily increase of C&C attacks reached 34.5%. Compared with 2018, the number of DDoS attack directives increased by 175%, most of which were UDP flood attacks targeting ports 80 and
443 for HTTP services and ports 3074, 300000, 30100, and 32000 for gaming services.

Behind DDoS attacks, there are complex economic interests in the underground industry. Therefore, effective governance needs to start from multiple dimensions, including policy, industry, resource, and technical dimensions. This chapter dwells upon how to mitigate DDoS attacks from the following perspectives.

(more…)

3.5  Analysis of IoT Attack Sources

3.5.1 Participation of IoT Devices in DDoS Attacks

According to NSFOCUS’s IoT threat intelligence, some DDoS attacks are associated with IoT devices. By further analyzing the proportion of IoT devices in DDoS attack source IP addresses, we find that 3.14% are IoT devices. Although this proportion is relatively small, compared to the large base of DDoS attack source IP addresses, the threat of IoT device-based DDoS attacks cannot be overlooked.

(more…)

3.2  DDoS Attack Type Analysis

3.2.1  Proportions of Different Attack Types 

In 2018, the most frequently seen attacks were SYN flood, UDP flood, ACK flood, HTTP flood, and HTTPS flood attacks6, which altogether accounted for 96% of all DDoS attacks. In contrast, reflection attacks contributed to no more than 3% of attacks. Compared with 2017, the year 2018 witnessed an 80% decrease in the number of reflection attacks, but a 73% increase in other attacks. This is because Chinese authorities took effective measures against reflectors (see section 3.1.1 “Attack Count and Traffic”). (more…)