H1 2020 DDoS report reveals a surge in DDoS attacks
- Published: Thursday, 06 August 2020 08:20
Link11 has released findings from its H1 2020 DDoS Report, which shows that there has been an increase in DDoS attacks during the period. In April, May and June 2020, the number of attacks registered by Link11’s Security Operations Center (LSOC) averaged 97 percent higher than the during the same period in 2019 peaking at a 108 percent increase in May 2020.
Other key findings from the annual report include:
- Multivector attacks are on the rise: one in two attacks (52 percent) combined several methods of attack, making them harder to defend against. One attack included 14 methods; the highest number of vectors registered to date.
- Growing number of reflection amplification vectors: most commonly used vectors included DNS, CLDAP and NTP, while WS Discovery and Apple Remote Control are still frequently used after being discovered in 2019. Since the beginning of the year, the vector set for DDoS attackers has also been expanded by DVR DHCPDiscovery. The LSOC discovered the vector that exploits a vulnerability in digital video recorders (DVR devices vulnerability). The new method of attack was used hundreds of times for DDoS attacks in the second quarter of 2020.
- DDoS sources for reflection amplification attacks are distributed around the globe: the top three most important source countries in H1 2020 were USA, China, and Russia. However, more and more attacks have been traced back to France.
- Average attack bandwidth remains high: the attack volume of DDoS attacks has stabilised at a high level, at an average of 4.1 Gbps. In the majority of attacks 80% were up to 5 Gbps. The largest DDoS attack was stopped at 406 Gbps. In almost 500 attacks, the attack volume was over 50 Gbps. This is well over the available connection bandwidth of most companies.
- DDoS attacks from the cloud: at 47 percent, the percentage of DDoS attacks from the cloud was higher than the full year 2019 (45 percent). Instances from all established providers were misused, but most commonly were Microsoft Azure, AWS, and Google Cloud. Attackers often use false identities and stolen credit cards to open cloud accounts, making it difficult to trace the criminals behind attacks.
- The longest DDoS attack lasted 1,390 minutes - 23 hours. Interval attacks, which are set like little pinpricks and thrive on repetition, lasted an average of 13 minutes.
The data showed that the frequency of DDoS attacks depends on the day of the week and time of the day, with most attacks concentrated around weekends and evenings. More attacks were registered on Saturdays, and out of office hours on weekdays.