DDoS attacks have fallen in frequency but have grown 174% in size

08 August 2018 | James Pearce

Cover

The number of DDoS attacks being carried out is falling, according to a recent threat intelligence report, but the scale of attacks has grown by 174% in the past year with the largest reaching 1.7Tbps.

According to the NETSCOUT Threat Intelligence Report, there was 2.8 million distributed denial of service attacks recorded in the first half of 2018 – down 13% on H1 2017. Of those attacks, 47 were over 300Gbps, compared with just seven in 2017.

Regionally, Latin America was the only area to show an increase in attack frequency, though this was relatively small, and all areas saw the size of attack grow.

Asia Pacific saw a significant jump in large attacks – from five in H1 2017 to 35 in H1 2018, with 17 attacks topping the 500Gbps mark in China alone. North America, however, saw the largest attack – at 1.7Tbps, it was one of the largest attacks ever recorded, according to the report.

There was approximately 793,377 attacks on wired carriers 2018. This was a drop from 996,495 in 2017, with the maximum up from 339.5Gbps last year.

Internet of things botnets also remains a potential threat, with the number of connected devices set to grow from 27 billion in 2017 to 125 billion by 2030. Most consumer IoT devices contain basic vulnerabilities, the report said, such as hard/code credentials, buffer overflows, and command injection. The Mirai attack made waves in 2016 as one of the biggest, high-impact DDoS attacks using IoT malware.

“ATLAS is a collaborative project with hundreds of service provider customers who have agreed to share anonymous traffic data equaling approximately one-third of all internet traffic,” said Hardik Modi, senior director, Threat Intelligence, NETSCOUT.

“From this unique vantage point, NETSCOUT is ideally positioned to deliver intelligence about DDoS attacks, malware families and botnets that threaten Internet infrastructure and network availability. This report makes clear that threat actors are increasingly leveraging internet-scale threats, such as NotPetya, for targeted, highly selective campaigns.”

The report also looks at other areas of cybercrime including crimeware and state-sponsored activity. Inspired by 2017’s WannaCry attack, major crimeware groups are adopting self-propagation methods that allows their malware to spread faster and more easily, it said, while they are also increasingly focused on cryptocurrency mining.

Rob Ayoub, research director, Security Products program at IDC, said: “NETSCOUT brings unique insights to the global threat landscape through their ATLAS infrastructure. While they’re best known for DDoS defense, the company has built an impressive security research organization that digs deep into malware campaigns and botnets at a global level, providing much needed context to the overall threat environment. By studying the infrastructure, the command and control, they’re gathering much of their intelligence straight from the source.”