DDoS attacks rose more than 278% in the first quarter of 2020, compared to Q1 2019, and more than 542% compared to the last quarter, according to a new report from Nexusguard.
The Q1 2020 Threat Report found DDoS attacks have become a global risk, and as attacks continue to increase in complexity, further spurred by the pandemic, Internet service providers will have to strengthen their security measures.
While DDoS attacks disrupt service for large companies and individuals alike, ISPs face increasing challenges to curb undetectable and abnormal traffic before they evolve into uncontrollable reflection attacks.
Generally considered the “off season” for DDoS attacks, researchers attribute the surge in incidents to malicious efforts during the COVID-19 pandemic, as consumers become dependent on online services and working from home has become the new normal in an effort to prevent the spread of the virus.
“With remote working becoming the new standard and emphasis on home internet connectivity at an all time high, proper security measures to mitigate these attacks have never been more important for ISPs," says Donny Chong, product director at Nexusguard.
"DDoS attacks, be it outgoing or incoming, is a threat to this new working standard that no home users will be able to effectively address, with ISPs needing to employ protective steps to maintain its quality of network connectivity,” he says.
Chong says such heavy reliance on online services has given rise to a trend of attacks meant to overwhelm ISPs.
In addition to traditional DDoS attacks, Nexusguard researchers identified various abnormal traffic patterns, including small-sized, short attacks dubbed “invisible killers.” These types of attacks are often wilfully ignored by ISPs, which gives the invisible anomalies access to website and online services networks to wreak havoc.
“We believe that the ‘invisible killer’ trend will not go away anytime soon, and should not be dismissed at the risk of Internet network infrastructures suffering a deluge of attacks," says Chong.
"ISPs play a key role in preventing and mitigating attacks in the long run, protecting its own networks and customer networks from either ‘invisible killer’ or traditional attacks. Steps must be taken to address and manage suspicious traffic, safeguarding the connectivity and service uptime of customer networks from the threats of DDoS attacks,” he explains.
Nexusguard’s findings also revealed that bits-and-pieces attacks continue to infiltrate traditional threshold-based detection. These forms of attacks are a result of drip-feeding doses of junk traffic into a large IP pool, ultimately clogging the targeted infrastructure when small bits of attacks accumulate from various source IPs. Furthermore, 90% of attacks employed also used a single-vector approach, which is a shift from the popularity of multi-vector attacks in the past.
"As DDoS attacks become more sophisticated and harder to stop, exacerbated by our collective change in lifestyle due to the pandemic, security policies and practises need to be addressed for the post-COVID-19 world," says Chong.
"ISPs will have to adapt to and address the new attack methods birthed from the pandemic, and look towards mitigating and managing disruptions emanating from widespread DDoS attacks."
The Q1 2020 Threat Report found DDoS attacks have become a global risk, and as attacks continue to increase in complexity, further spurred by the pandemic, Internet service providers will have to strengthen their security measures.
While DDoS attacks disrupt service for large companies and individuals alike, ISPs face increasing challenges to curb undetectable and abnormal traffic before they evolve into uncontrollable reflection attacks.
Generally considered the “off season” for DDoS attacks, researchers attribute the surge in incidents to malicious efforts during the COVID-19 pandemic, as consumers become dependent on online services and working from home has become the new normal in an effort to prevent the spread of the virus.
“With remote working becoming the new standard and emphasis on home internet connectivity at an all time high, proper security measures to mitigate these attacks have never been more important for ISPs," says Donny Chong, product director at Nexusguard.
"DDoS attacks, be it outgoing or incoming, is a threat to this new working standard that no home users will be able to effectively address, with ISPs needing to employ protective steps to maintain its quality of network connectivity,” he says.
Chong says such heavy reliance on online services has given rise to a trend of attacks meant to overwhelm ISPs.
In addition to traditional DDoS attacks, Nexusguard researchers identified various abnormal traffic patterns, including small-sized, short attacks dubbed “invisible killers.” These types of attacks are often wilfully ignored by ISPs, which gives the invisible anomalies access to website and online services networks to wreak havoc.
“We believe that the ‘invisible killer’ trend will not go away anytime soon, and should not be dismissed at the risk of Internet network infrastructures suffering a deluge of attacks," says Chong.
"ISPs play a key role in preventing and mitigating attacks in the long run, protecting its own networks and customer networks from either ‘invisible killer’ or traditional attacks. Steps must be taken to address and manage suspicious traffic, safeguarding the connectivity and service uptime of customer networks from the threats of DDoS attacks,” he explains.
Nexusguard’s findings also revealed that bits-and-pieces attacks continue to infiltrate traditional threshold-based detection. These forms of attacks are a result of drip-feeding doses of junk traffic into a large IP pool, ultimately clogging the targeted infrastructure when small bits of attacks accumulate from various source IPs. Furthermore, 90% of attacks employed also used a single-vector approach, which is a shift from the popularity of multi-vector attacks in the past.
"As DDoS attacks become more sophisticated and harder to stop, exacerbated by our collective change in lifestyle due to the pandemic, security policies and practises need to be addressed for the post-COVID-19 world," says Chong.
"ISPs will have to adapt to and address the new attack methods birthed from the pandemic, and look towards mitigating and managing disruptions emanating from widespread DDoS attacks."