DDoS attack

2020 Mid-Year DDoS Attack Landscape Report-1

August 18, 2020

Summary

  1. Global distribution of DDoS attacks: U.S. suffered the most DDoS attacks, and Japan received the largest volume of DDoS traffic.
  2. DDoS attack trend: March and April witnessed the most frequent DDoS attacks, and May saw the peak of attack traffic.
  3. DDoS attacks and COVID-19 pandemic: DDoS attacks fluctuated noticeably with the worldwide outbreak of the COVID-19 pandemic. Germany and the U.S. were two typical examples.
  4. Attack lethality: Compared with the first half of 2019, the first half of 2020 experienced a decline in the number of attacks with increasing magnitude.
  5. Attack types: SYN flood and UDP flood remained dominant DDoS attacks.
  6. Attack duration: Short-duration and effective attacks were the norm, with 68% of the attacks lasting less than 5 minutes.
  7. Attack peak: May was exposed to the strongest attack, with the peak reaching 634.6 Gbps.
  8. Attack gangs: Among the 15 IP gangs under our continuous monitoring in the first half of 2020, the largest attack utilized 217,000 attack sources.
(more…)

635Gbps DDoS attack spike During Covid-19 Pandemic

May 22, 2020

NSFOCUS cloud scrubbing center witnessed a torrent of DDoS attack traffic, with peak volume up to 634.8 Gbps.

At 5 p.m. on May 20th, 2020, the NSFOCUS SOC team detected an enormous DDoS attack: three IPs of a Hong Kong customer were hit by DDoS attacks and inbound traffic kept increasing sharply. As DDoS attack traffic kept pouring into the scrubbing center, the peak attack traffic reached 634.8 Gbps, a new high encountered by NSFOCUS’s customers in 2020. When NSFOCUS reported this event to the customer after the attack was mitigated, they thanked NSFOCUS and said that selecting the NSFOCUS Anti-DDoS solution was the best choice they had made, because they were well protected even when they were not aware of being targeted by DDoS attacks.

(more…)

DDoS Attack Landscape 8

May 20, 2020

Participation of IoT Devices in DDoS Attacks

According to our observation, there were a total of more than 1,280,000 IP addresses of abnormal IoT devices around the world, accounting for 2.1% of all global IoT devices. Of all those abnormal IoT devices, 170,000 were involved in DDoS attacks, making up 13.08% of the total.

(more…)

DDoS Attack Landscape 6

May 6, 2020

Activity of Attack Sources

Ongoing monitoring of attack sources reveals that 90% of them were active for no longer than 10 days. There were two reasons behind this. For one thing, in order to keep attack sources fresh and prevent them from being blacklisted by defenders, attackers tended to use the hit-and-run strategy. For the other, there were a lot of vulnerable IP addresses widely distributed on the Internet, which could be easily obtained at a very low cost. Moreover, the proportion of IoT devices in attack sources that were active for more than 10 days rose sharply to 11.5%. (more…)

DDoS Attack Landscape 5

April 22, 2020

Controlled DDoS Attack Sources

According to statistics, China was still home to the largest number of controlled DDoS attack sources (36.19%) in 2019, followed by the USA and UK. Although China’s ranking remained unchanged in terms of the number, the proportion decreased compared with 2018. This indicates that China’s DDoS governance and defenses have borne fruit. (more…)

DDoS Attack Landscape 4

April 15, 2020

Attack Distribution by Duration

In 2019, the average duration of DDoS attacks was registered at 52 minutes, an 18% increase from 2018. We noticed that the longest DDoS attack in 2019 lasted around 20 days, far longer than attacks detected in previous years.

In 2019, DDoS attacks lasting less than 30 minutes accounted for 75%, close to the figure registered in 2018. The high proportion of short attacks signals that attackers are attaching more and more importance to attack cost and efficiency and are more inclined to overwhelm the target service with floods of traffic in a short time, getting users offline and causing high latency and jitter. In addition, Botnet-as-a-Service (BaaS) and DDoS-as-a-Service (DDoS) have developed rapidly, which was also to blame for the prevalence of short attacks. Thanks to their availability, platform users are able to launch massive attacks in a very short time as long as they are willing to pay a certain amount of money for a whole lot of mercenary attack resources. In the long run, repeated burst attacks, which are under effective cost control, will greatly degrade the quality of target services.

(more…)

DDoS Attack Landscape 3

April 8, 2020

DDoS Attack Type Analysis

Proportions of Different Attack Types

In 2019, the most frequently seen attacks were UDP floods, SYN floods, and ACK floods, which together accounted for 82% of all DDoS attacks. By contrast, reflection attacks took up only 10%. Compared with 2018, reflection attacks rose slightly in number, but remained small in proportion. (more…)

DDoS Attack Landscape 2

April 1, 2020

DDoS Attack Counts and Peak Sizes

Distribution of Peak Sizes

From the monthly data in the last three years, the number of large-scale attacks (> 100 Gbps) soared in 2018 and then fluctuated at a high level over a two-year period. In 2017, the number of such attacks reached 11,800, only 48% of the number in 2018 (24,500). 2019 saw 21,400 large-scale attacks peaking above 100 Gbps (according to data as of November 2019), on a par with 2018 (22,000 as of November 2018). Besides, super-sized attacks (> 300 Gbps) have increased year by year from an average of 30 per month in 2017 to 247 in 2018 and then to 262 in 2019. Arguably, it has become normal for super-sized attacks to keep increasing in number.

(more…)

DDoS Attack Landscape 1

March 25, 2020

Executive Summary

In 2019, the average peak size of DDoS attacks rose steadily from 2018 to 42.9 Gbps, indicating that techniques employed by large and medium scale attacks are advancing year by year. After a sharp rise in 2018, super-sized DDoS attacks (> 300 Gbps) remained relatively stable in 2019, increasing slightly by around 200. (more…)

DDoS Attack Landscape and Smart Protection

October 7, 2019

  1. Evolution of the Internet and Accompanying Cyber Threats

The fast growth of the Internet has brought constant changes to our lives. More than a decade ago, the egress bandwidth of 100 Mbps was available only to a small number of users, but today links with Tbps-level bandwidths are nothing unusual. The Internet connects everyone and everything, rapidly changing people’s centuries-long habits by bringing everything online, including communication, transportation, payment, and shopping, as well as household appliances. While benefiting from the convenience of the Internet, we are pushing the Internet forward. (more…)
