DDoS attacks increase by 233% in 2021, finds Nexusguard
Small bit-and-piece distributed denial of service (DDoS) attacks rose by 233% in the first half of 2021, revealed Nexusguard in its Threat Report FHY 2021.
According to the report, as the Covid-19 pandemic continued into 2021, hackers experimented with new attack patterns to avoid signature-based detection. As a result, in the first half of 2021 more than 99% of all DDoS attacks were smaller than 10Gbps. These small, nimble attacks can immobilise communications service providers (CSPs) and Internet service providers (ISPs) that are protected only by threshold or signature-based methods.
Further, the report found that attackers continue to diversify their approaches with bit-and-piece attacks to bring down target networks and infrastructures. Specifically, more than 95% of attacks were smaller than 1Gbps each, the majority of which Nexusguard analysts believe were launched using DDoS-for-hire services.
In addition, rather than launching large bandwidth attacks against their targets, researchers found that perpetrators chose to employ attacks using high packet-rate loads of small-sized traffic from DDoS-for-hire services, in an attempt to evade DDoS mitigation detection systems.
“The high level of intricacies behind communications service provider networks causes them to generally allow all types of traffic to pass through, which leads to smaller or spoofed types of attacks to strike undetected,” said Juniman Kasman, chief technology officer of Nexusguard.
“Behavioural detection and mitigation approaches are strongly recommended for targeted networks since they can compare peacetime with battles and take a wider range of factors into consideration than anomalous thresholds or attack signatures.”
Additionally, traffic spoofing and User Datagram Protocol (UDP)-style attacks were popular in the first half of 2021, with an 84% increase in UDP attacks compared to the previous six months. Several types of UDP attacks have been in use, one of which can cause “Black Storm” attacks.
Specifically, Nexusguard observed that China Telecom, China Unicom, Vodafone Türkiye, Türk Telekom and Turkcell İletişim Hizmetleri A.S. received the highest concentrations of malicious traffic.
The solution for CSPs is to use deep learning-based detection methods, which enable the analysis of huge amounts of data quickly and accurately while overcoming the inefficiencies inherent in threshold or signature-based methods.