Volume and complexity of DDoS attacks still increasing
DDoS attacks are a continuing problem for businesses and a new report reveals that they are also growing in complexity.
The 2019 DDoS report from Link11 reveals that the share of multivector attacks -- which target and misuse several protocols -- grew significantly from 46 percent in the first quarter to 65 percent in the fourth quarter.
DNS amplification is the most used technique for DDoS attackers in 2019, having been found in a third of all attacks. The attackers exploit insecure DNS servers, of which there were over 2.7m worldwide by the end of 2019 according to the Open Resolver Project.
The average bandwidth of attacks keeps increasing too and has grown by more than 150 percent over the past four years, reaching five Gbps in 2019, up from two Gbps in 2016. The maximum attack volume has also nearly doubled compared to 2018; from 371 Gbps to 724 Gbps.
The cloud is an increasingly popular target. The proportion of DDoS attacks that involved corrupted cloud servers was 45 percent between January and December, representing a 16 percent increase over the same time period the previous year. The proportion rose to 51 percent over the last six months of 2019. The number of attacks traced to cloud providers is roughly proportionate to their relative market share, with more cases of corrupt clouds registered for AWS, Microsoft Azure and Google Cloud.
The longest DDoS attack recorded lasted 6,459 minutes -- more than 100 hours. Interestingly the day and time are a factor in when attacks occur. More attacks are registered on Saturdays, and between 4pm and midnight on weekdays.
"There was a noticeable surge in attack bandwidths and volumes, and in multivector attacks in 2019, due in part to the increased malicious use of cloud resources and the popularity of IoT devices," says Marc Wilczek, COO of Link11. "The growing trend for attackers to use methods that strike at the network and application level means organizations need to invest in protective solutions that are designed to detect multi-layer anomalies and networked security mechanisms."
You can find out more in the full report which is available from the Link11 site.