All Press Release

Nexusguard research reveals three out of four DDoS attacks target multiple vectors

Posted by
September 25, 2017
Cybersecurity experts to advise organizations to protect DNS servers due to increase in UDP attacks.

Three out of every four distributed denial of service (DDoS) attacks employed blended, multi-vector approaches in the second quarter of 2017, according to Nexusguard’s “Q2 2017 Threat Report.” The quarterly report, which measured more than 8,300 attacks, demonstrated that hackers continued to rely on volumetric attacks to overwhelm system resources. For example, UDP-based (user datagram protocol) attacks increased by 15 percent this quarter, targeting hijacked devices connected to the Internet of Things (IoT), and overtaking SYN, HTTP Flood and other popular volumetric attacks in popularity. With the average attack rating 4.63 Gbps in size, enterprises that do not yet have access to high-capacity DDoS mitigation were most likely to suffer interruption from attacks.

IoT networks continued to be targeted by DDoS attacks during Q2, including a new botnet, Persirai, which attacked more than 1,000 different models of IP cameras. Nexusguard, the global leader in fighting malicious Internet attacks, gathers the DDoS attack data through botnet scanning, honeypots, ISPs and traffic moving between attackers and their targets that is unbiased by any single set of customers or industries. With UDP attacks growing in favor, the company recommends enterprises protect their DNS servers and employ Anycast routing technology to distribute the footprint of these DDoS attacks.

“UDP attacks can frequently act as smokescreens over other malicious behavior, such as efforts to execute remote codes, malware, or compromise personally identifiable information,” said Juniman Kasman, chief technology officer for Nexusguard. “Due to the speed with which UDP attacks can overwhelm DNS servers and hijack IoT devices, rapid detection and response is critical for overcoming these types of attacks. Organizations need to protect their DNS servers, and should consider using Anycast routing technology to avoid saturating individual attack targets.”

As DDoS extortionist gangs became increasingly active in several European countries, Switzerland made its first-ever appearance in the top three DDoS attacker countries. Nexusguard analysts found China was the leading source of DDoS attacks, originating 34 percent of the attacks measured and bumping the U.S. to second place, which was the source of 21 percent of DDoS attacks.

Read the full "Q2 2017 Threat Report" for more details.