DDoS attacks jump over 540 percent during lockdown

Posted By



June 30, 2020

In the first quarter of this year, DDoS attacks rose more than 278 percent compared to Q1 2019 and more than 542 percent compared to the previous quarter.

This is among the findings of the Nexusguard Q1 2020 Threat Report. Researchers attribute the sharp rise in incidents to malicious efforts during the COVID-19 pandemic, causing DDoS attacks to interrupt service for large companies and individuals alike.

The most popular type of attack vector involved employing user datagram protocol (UDP) as a 'smokescreen' to mask other malicious activities, comprising more than 75 percent of attacks this quarter.

In addition more than 90 percent of attacks used a single vector, compared to the multi-vector attacks that have previously been popular. Bits-and-pieces attacks also continue to infiltrate traditional threshold-based detection. These attacks result from drip-feeding doses of junk traffic into a large IP pool, which can clog the target when bits and pieces start to accumulate from different IPs.

The report also warns of what it calls 'invisible killer' attacks. These are characterized in the size range of 1Gbps and 5Gbps and often last less than 15 minutes and create less than 200 events per day. These account for 67.12 percent of attacks and, due to the lack of size concentration and being overlooked as insignificant relative to overall traffic, they normalize historical traffic behaviour and give the invisible killer access to the networks of websites and onlines services to cause havoc.

"We believe the small 'invisible killer' attacks are not isolated cases, but ongoing trends which can no longer be dismissed at the risk of Internet network infrastructure suffering a deluge of attacks," says Juniman Kasman, chief technology officer for Nexusguard. "It's imperative that Internet service providers take the initiative to address any suspicious traffic -- irrespective of size or quantity -- to ensure customers don't experience outages from DDoS attacks."

The full report along with those for previous quarters is available from the Nexusguard site.