DDoS attack

DDoS Attack Landscape 4

April 15, 2020

Attack Distribution by Duration

In 2019, the average duration of DDoS attacks was registered at 52 minutes, an 18% increase from 2018. We noticed that the longest DDoS attack in 2019 lasted around 20 days, far longer than attacks detected in previous years.

In 2019, a DDoS attacks lasting less than 30 minutes accounted for 75%, approximate to the figure registered in 2018. The high proportion of short attacks signals that attackers are attaching more
and more importance to the attack cost and efficiency and are more inclined to overwhelm the target service with floods of traffic in a short time, getting users offline and causing high latency
and jitters. In addition, Botnet-as-a-Service (BaaS) and DDoS-as-a-Service (DDoS) have gained momentum for rapid development, which were also to blame for the prevalence of short attacks.
Thanks to their availability, platform users are able to launch massive attacks in a very short time as long as they are willing to pay a certain amount of money for a whole lot of mercenary attack resources4. In the long run, repeated burst attacks, which are under effective cost control, will greatly aggravate the quality of target services.


DDoS Attack Landscape 3

April 8, 2020

DDoS Attack Type Analysis

Proportions of Different Attack Types

In 2019, most frequently seen attacks were UDP floods, SYN floods, and ACK floods, which together accounted for 82% of all DDoS attacks. By contrast, reflection attacks took up only 10%. Compared with 2018, reflection attacks rose slightly in number, but remained small in proportion. (more…)

DDoS Attack Landscape 2

April 1, 2020

DDoS Attack Counts and Peak Sizes

Distribution of Peak Sizes

From the monthly data in the last three years, the number of large-scale attacks (> 100 Gbps) soared in 2018 and then fluctuated at a high level over a two-year period. In 2017, the number of
such attacks reached 11,800, only 48% of the number in 2018 (24,500). 2019 saw 21,400 largescale attacks peaking above 100 Gbps (according to data by November 2019), on a par with 2018 (22,000 by November 2018). Besides, super-sized attacks (> 300 Gbps) have increased year by year from an average of 30 per month in 2017 to 247 in 2018 and then to 262 in 2019. Arguably, it has become a normal thing for super-sized attacks to keep increasing in number.


DDoS Attack Landscape 1

March 25, 2020

Executive Summary

In 2019, the average peak size of DDoS attacks rose steadily from 2018 to 42.9 Gbps, indicating that techniques employed by large and medium scale attacks are advancing year by year. After
a sharp rise in 2018, super-sized DDoS attacks (> 300 Gbps) were relatively stabilizing in 2019, increasing slightly by around 200. (more…)

DDoS Attack Landscape and Smart Protection

October 7, 2019

  1. Evolution of the Internet and Accompanying Cyber Threats

The fast growth of the Internet has brought constant changes to our lives. More than a decade ago, the egress bandwidth of 100 Mbps was available only to a small number of users, but today links with Tbps-level bandwidths are nothing unusual. The Internet connects everyone and everything, rapidly changing people’s centuries-long habits by bringing everything online, including communication, transportation, payment, and shopping, as well as household appliances. While benefiting from the convenience of the Internet, we are pushing the Internet forward. (more…)

DDoS Attack Misinterpretations

July 30, 2019

River blockage used to be a great survival crisis in ancient times. Similarly in cyberspace, distributed denial-of-service (DDoS) attacks have become a devastating disaster. As we all know, DDoS attacks are  destructive attacks and after over 10 years of evolution, such attacks have become an effective attack tool favored by multiple organizations and individuals who use them for ransom, revenge and cyberwars. (more…)

2018 DDoS Attack Landscape-8

May 29, 2019

3.6  Industrial Distribution of Attack Targets

From an industry perspective, cloud service/Internet data center (IDC), gaming, and e-commerce are top 3 industries suffering the most DDoS attacks. (more…)

2018 DDoS Attack Landscape-6

May 15, 2019

3.4  Behavioral Analysis of Attack Sources

In the 2018 H1 Cybersecurity Insights8, we mentioned that the number of DDoS recidivists (repeat DDoS offenders) was too large to ignore. Of all internet attack types, 25% of attackers were recidivists responsible for 40% of all attack events. As for DDoS attacks, 7% of attackers were recidivists that launched 12% of attack events. (Here, “DDoS recidivists” refer to source IP addresses that have been marked by NSFOCUS Threat Intelligence center (NTI) as DDoS attack sources.) Clearly, in DDoS attacks, the proportion of recidivists decreased in 2018, indicating a lower level of resource reuse. This can be attributed to two factors: (more…)

2018 DDoS Attack Landscape-5

May 8, 2019

3.3 DDoS Attack Duration

3.3.1 Attack Duration Distribution

In 2018, the average duration of a DDoS attack was 42 minutes, down 17% from 2017. This indicates that DDoS attacks were upgraded in industrialization, weaponization, and efficiency and DDoS-as-aService gained momentum for fast growth. We noticed that the longest DDoS attack in 2018 lasted around 12 days, far shorter than attacks detected in previous years. (more…)

2018 DDoS Attack Landscape-3

April 17, 2019

Analysis of DDoS Attacks in 2018

3.1  DDoS Attack Count and Peak Size

3.1.1  Attack Count and Traffic

In 2018, we observed 148,000 DDoS attacks (down 28.4% from 2017), which generated a total of 643,100 TB of traffic, about the same level as in 2017. DDoS attacks keep expanding in size year by year as large and medium-scale attacks are on the rise, as shown in section 3.1 “Distribution of Peak Sizes.” (more…)