DDoS attacks get smaller -- but there are more of them

Posted By



October 6, 2022

The amount of DDoS attacks increased by 75.6 percent compared to the second half of 2021, but the average (0.59 Gbps) and maximum (232.0 Gbps) attack sizes each decreased by 56 percent and 66.8 percent, respectively.

New research from Nexusguard shows that single-vector attacks represented 85 percent of all attacks globally in the first half of this year. Of these User Datagram Protocol (UDP) attacks accounted for 39.6 percent, an increase of 77.5 percent from the first half of 2021, the remainder being HTTPS flood attacks.

For the first time Nexusguard's report looks at the geographic distribution of attacks. Nearly three-quarters (74.6 percent) of all reflected attacks targeted organizations in Brazil and South Korea. Within Europe, the UK received almost a quarter (24.6 percent) of all reflected attacks in that region and in the Middle East and Africa the Seychelles and Saudi Arabia combined received more than half (55.5 percent).

"Attackers came out of winter hibernation with never-before-seen levels of intent, showing an incredible increase of attacks in Q2 2022 alone and by June, reaching the highest first-half levels since 2018," says Juniman Kasman, chief technology officer of Nexusguard. "We've expanded our DDoS reports to include data on reflected attack destinations and have separated Europe from the Middle East and Africa regions to provide organizations with even more information on DDoS attacks. The wide variability in attack types shown by our latest report demonstrates that companies must remain vigilant in protecting themselves against the risk of DDoS attacks."

So called 'Bit-and-Piece' attacks are also plaguing internet service providers. While 81 percent of attacks globally were less than a single Gbps, Bit-and-Piece attacks registered minimum sizes of 0.0637 Gbps and a maximum of 123.7 Gbps. By drip-feeding doses of junk traffic into a large IP pool, the traffic from these attacks remains small enough to evade traditional threshold-based detection, but accumulates to clog and disable the target.

You can read more and get the full report on the Nexusguard blog.