Maximum recorded attack size in Q2 2018 was 359 Gbps

Sep 12, 2018 14:20 GMT

In a report published today, cloud-based distributed denial of service (DDoS) security solution provider Nexusguard details its analysis of the evolution of DDoS attacks during Q2 2018 and compares them to similar events from 2017.

Their report states that DDoS attacks detected during the second quarter of 2018 have dramatically increased in both average and maximum size when compared to the ones from Q4 2017, as a result of increased activity from IoT botnets.

Moreover, DDoS attacks five times more powerful hit targets such as the 2018 FIFA World Cup and the Verge Network, as well as cryptocurrency-focused businesses.

The main culprits for the increase in the number of attacks seem to be the Satori (a variant of the infamous Mirai malware) and Anarchy botnets, which made their presence known throughout the last few months by exploiting zero-days found to affect D-Link's DIE-620 routers, XiongMai uc-httpd 1.0.0 IoT devices, and Dasan GPON-capable routers.

The five-fold rise in average attack size is the result of a dramatic rise of massive TCP SYN-based floods

Nexusguard's analysis also points out that the size of denial-of-service attacks rose at a high pace during the first two quarters of 2018, growing from an average of 4.10 Gbps in Q2 2017 to 26.37 Gbps during Q2 2018, while the maximum size increased from 63.70 Gbps during Q2 2017 to a whopping 359 Gbps for Q2 2018.

"Of total attacks, 64.13% were smaller than 10Gbps (35.87% were larger). The average size was 26.37Gbps and the maximum 359.00Gbps. Attacks smaller than 1Gbps made up 19.84%, while those ranging between 1Gbps and 10Gbps accounted for 44.29%", said Nexusguard in their report.

Distribution-wise, the DDoS attacks had the US and China as the top two global attack sources, with the former accounting for 20% of initiated attacks while the latter was the source of 16.27% of the total number of attacks.

The ranking of global regions detected as DDoS attack sources continues with France, clocking in at 7.25% of all attacks, and with Germany and Russia taking fourth and fifth place.

"Threat intelligence is gathered via attack data, research, publicly available information, Honeypots, ISPs, and logs recording traffic between attackers and their targets", reported Nexusguard.
