14 DAY TRIAL // Statistics gathered by Neustar, Inc., a provider of real-time information services, shows that in the past year, and especially in the last quarter of 2015, multi-vector DDoS attacks have started to become a regular occurrence.
Details from the 2016 Neustar Security Operations Center Report reveals that attackers are starting to chain together different methods for launching DDoS attacks, either for reconnaissance, or for diverting company IT resources in different areas, so they can launch other types of attacks later on.
Multi-vector DDoS attacks are when an attacker quickly transitions from launching DDoS attacks from one form of DDoS attack (e.g.: SYN packets) to another one (Layer 7), and so on. These attacks are either launched one vector at a time, or in parallel, in order to confuse a company's IT department, strain their resources, and keep their attention on the wrong spot.
In 2015, 17% of all DDoS attacks were multi-vector
According to Neustar's statistics, 17% of all DDoS attacks involved multiple vectors. Of these, 57% involved reflection DDoS attacks, which are cheap to launch and don't require too many resources.
Even worse, 47% of all multi-vector DDoS attacks were launched during the last quarter of 2015, showing a growing interest from multiple cyber-crime group towards this attack method, which could have easily, and most certainly did, trickle down to 2016.
"Multi-vector attacks show a higher level of sophistication on behalf of the hackers," said Brian Foster, senior vice president of Information Services for Neustar. "Anybody can go to a stressor website and buy a cheap DDoS service, but with multi-vector attacks, the hacker is exhibiting a familiarity with attack methods and determination to potentially cause real damage."
The number of DDoS attacks intensified in Q4 2015
Overall, DDoS attacks in total grew during the last quarter of the year, Neustar reporting that 32% of all 2015 DDoS attacks were seen in Q4. Most of the time, attacks were launched on important periods of the year, such as Cyber Monday, tax return season, and others similar.
Neustar also continued to see a trend of "slow and low" DDoS attacks, where the company isn't overwhelmed with huge traffic loads, but always kept at the edge of its server resources, with IT staff walking a thin line between keeping their services online and going dark.
The 2016 Neustar Security Operations Center Report also contains details on DNS, TCP SYN, UDP, ICMP, CHARGEN, NTP, and SSDP attacks.
