DDoS attack

635Gbps DDoS attack spike During Covid-19 Pandemic

May 22, 2020

NSFOCUS cloud scrubbing center witnessed a torrent of DDoS attack traffic, with peak volume up to 634.8 Gbps.

At 5 p.m. of May 20th, 2020, NSFOCUS SOC team detected an enormous DDoS attack – three IPs of a Hong Kong customer were hit by DDoS attacks and inbound traffic kept increasing sharply. As DDoS attack traffic constantly gushing into the scrubbing center, the peak attack traffic reached 634.8 Gbps, a new height encountered by NSFOCUS’s customers in the year of 2020. When NSFOCUS reported this event to the customer after the attack mitigation, they extended their grateful thanks to NSFOCUS and said selecting NSFOCUS Anti-DDoS solution was their best choice they made because they were well protected even when they were not aware of being targeted by DDoS attacks.

(more…)

DDoS Attack Landscape 8

May 20, 2020

Participation of IoT Devices in DDoS Attacks

According to our observation, there were a total of more than 1,280,000 IP addresses of abnormal IoT devices around the world, accounting for 2.1% of all global IoT devices. Of all those abnormal IoT devices, 170,000 were involved in DDoS attacks, making up 13.08% of the total.

(more…)

DDoS Attack Landscape 6

May 6, 2020

Activity of Attack Sources

Ongoing monitoring of attack sources reveals that 90% of them were active for no longer than 10 days. There were two reasons behind this. For one thing, in order to keep attack sources fresh
and prevent them from being blacklisted by defenders, attackers tended to use the hit-and-run strategy. For the other, there were a lot of vulnerable IP addresses widely distributed on the Internet, which could be easily obtained at a very low cost. Moreover, the proportion of IoT devices in attack sources that were active for more than 10 days rose sharply to 11.5%. (more…)

Activity of Attack Sources

Ongoing monitoring of attack sources reveals that 90% of them were active for no longer than 10 days. There were two reasons behind this. For one thing, in order to keep attack sources fresh
and prevent them from being blacklisted by defenders, attackers tended to use the hit-and-run strategy. For the other, there were a lot of vulnerable IP addresses widely distributed on the Internet, which could be easily obtained at a very low cost. Moreover, the proportion of IoT devices in attack sources that were active for more than 10 days rose sharply to 11.5%. (more…)

Activity of Attack Sources

Ongoing monitoring of attack sources reveals that 90% of them were active for no longer than 10 days. There were two reasons behind this. For one thing, in order to keep attack sources fresh
and prevent them from being blacklisted by defenders, attackers tended to use the hit-and-run strategy. For the other, there were a lot of vulnerable IP addresses widely distributed on the Internet, which could be easily obtained at a very low cost. Moreover, the proportion of IoT devices in attack sources that were active for more than 10 days rose sharply to 11.5%. (more…)

DDoS Attack Landscape 5

April 22, 2020

Controlled DDoS Attack Sources

According to statistics, China was still home to the largest number of controlled DDoS attack sources (36.19%) in 2019, followed by the USA and UK. Although China’s ranking remained
unchanged in terms of the number, the proportion decreased compared with 2018. This indicates that China’s DDoS governance and defenses have yielded fruits. (more…)

DDoS Attack Landscape 4

April 15, 2020

Attack Distribution by Duration

In 2019, the average duration of DDoS attacks was registered at 52 minutes, an 18% increase from 2018. We noticed that the longest DDoS attack in 2019 lasted around 20 days, far longer than attacks detected in previous years.

In 2019, a DDoS attacks lasting less than 30 minutes accounted for 75%, approximate to the figure registered in 2018. The high proportion of short attacks signals that attackers are attaching more
and more importance to the attack cost and efficiency and are more inclined to overwhelm the target service with floods of traffic in a short time, getting users offline and causing high latency
and jitters. In addition, Botnet-as-a-Service (BaaS) and DDoS-as-a-Service (DDoS) have gained momentum for rapid development, which were also to blame for the prevalence of short attacks.
Thanks to their availability, platform users are able to launch massive attacks in a very short time as long as they are willing to pay a certain amount of money for a whole lot of mercenary attack resources4. In the long run, repeated burst attacks, which are under effective cost control, will greatly aggravate the quality of target services.

(more…)

DDoS Attack Landscape 3

April 8, 2020

DDoS Attack Type Analysis

Proportions of Different Attack Types

In 2019, most frequently seen attacks were UDP floods, SYN floods, and ACK floods, which together accounted for 82% of all DDoS attacks. By contrast, reflection attacks took up only 10%. Compared with 2018, reflection attacks rose slightly in number, but remained small in proportion. (more…)

DDoS Attack Landscape 2

April 1, 2020

DDoS Attack Counts and Peak Sizes

Distribution of Peak Sizes

From the monthly data in the last three years, the number of large-scale attacks (> 100 Gbps) soared in 2018 and then fluctuated at a high level over a two-year period. In 2017, the number of
such attacks reached 11,800, only 48% of the number in 2018 (24,500). 2019 saw 21,400 largescale attacks peaking above 100 Gbps (according to data by November 2019), on a par with 2018 (22,000 by November 2018). Besides, super-sized attacks (> 300 Gbps) have increased year by year from an average of 30 per month in 2017 to 247 in 2018 and then to 262 in 2019. Arguably, it has become a normal thing for super-sized attacks to keep increasing in number.

(more…)

DDoS Attack Landscape 1

March 25, 2020

Executive Summary

In 2019, the average peak size of DDoS attacks rose steadily from 2018 to 42.9 Gbps, indicating that techniques employed by large and medium scale attacks are advancing year by year. After
a sharp rise in 2018, super-sized DDoS attacks (> 300 Gbps) were relatively stabilizing in 2019, increasing slightly by around 200. (more…)

DDoS Attack Landscape and Smart Protection

October 7, 2019

  1. Evolution of the Internet and Accompanying Cyber Threats

The fast growth of the Internet has brought constant changes to our lives. More than a decade ago, the egress bandwidth of 100 Mbps was available only to a small number of users, but today links with Tbps-level bandwidths are nothing unusual. The Internet connects everyone and everything, rapidly changing people’s centuries-long habits by bringing everything online, including communication, transportation, payment, and shopping, as well as household appliances. While benefiting from the convenience of the Internet, we are pushing the Internet forward. (more…)

DDoS Attack Misinterpretations

July 30, 2019

River blockage used to be a great survival crisis in ancient times. Similarly in cyberspace, distributed denial-of-service (DDoS) attacks have become a devastating disaster. As we all know, DDoS attacks are  destructive attacks and after over 10 years of evolution, such attacks have become an effective attack tool favored by multiple organizations and individuals who use them for ransom, revenge and cyberwars. (more…)