theDocumentId => 1341298 Nokia Deepfield: DDoS Attacks Originate From Fewer ...

Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


05:00 PM
Dark Reading
Dark Reading
Products and Releases

Nokia Deepfield: DDoS Attacks Originate From Fewer Than 50 Hosting Companies

Espoo, Finland – Nokia Deepfield today announced the results of its global DDoS traffic analysis, which examined service provider network traffic encompassing thousands of routers on the internet between January 2020 and May 2021. Among the findings, which were presented by Dr. Craig Labovitz, Nokia Deepfield CTO, at NANOG82: more than 100% increase in daily DDoS peak traffic in this time period; newly identified DDoS threat potential over 10 Tbps – four to five times higher than the largest current attacks reported – due to rapidly growing number of open and insecure internet services and IoT devices.

In an environment where attackers constantly leverage opportunistic resources to source their attacks, Nokia Deepfield found in the past 15 months accessibility of DDoS for hire services has increased the threat potential of the existing botnet, IoT and cloud-based attack models. The results trace the origins of most of the high-bandwidth, high-intensity (volumetric) attacks to a limited number of internet domains, finding that most global DDoS attacks (by frequency and traffic volume) originate in less than 50 hosting companies and regional providers.

As COVID lockdown measures were implemented in 2020, Nokia Deepfield noticed a 40-50% increase in DDoS traffic. The continued increases in intensity, frequency and sophistication of DDoS attacks have resulted in a 100% increase in the “high watermark levels” of DDoS daily peaks – from 1.5 Tbps (January 2020) to over 3 Tbps (May 2021).

With broadband connectivity becoming an essential service, the fight against DDoS is critical. These large-scale DDoS attacks can inflict major damage on individual and large-scale connectivity and service availability, resulting in damages costing hundreds of thousands or even millions of dollars in production and operational losses.

Accurate DDoS detection and cost-effective, automated mitigation are becoming paramount requirements for service providers, cloud builders and network operators to protect their network infrastructures, services and users.

The newly enhanced Nokia Deepfield Defender provides fast and accurate DDoS detection and facilitates agile mitigation of volumetric DDoS attacks at the network edge. With its ability to scale to petabyte-levels and advanced features such as multi-layer protection and auto-mitigation, Deepfield Defender delivers an intelligent and automated approach to thwart and minimize the security risks associated with a new generation of DDoS threats and attacks.

Drawing DDoS security expertise from its global network deployments and insights from Deepfield Security Genome™, Nokia Deepfield Defender accurately and rapidly detects hosts, botnets and IoT devices involved in active attacks, and programs router-based mitigation with tens/hundreds of thousands of highly precise filters resulting in network-wide, cost-effective DDoS protection.

Nokia Deepfield Defender is a component of the Deepfield portfolio of IP network intelligence, analytics and security applications and uses network-based big data. The advanced analytics are combined with the embedded, multi-layer network security capabilities of Nokia 7750 Service Router and 7950 XRS routers to eliminate highly distributed, high-volume DDoS attacks from impacting service provider networks and customers.

Dr. Craig Labovitz, CTO, Nokia Deepfield, said: “It is equally important for every participant in the network security ecosystem – end users, vendors, service providers, cloud builders, regulators and governments – to understand the dangers DDoS poses to the availability of internet content, applications and critical connectivity services. With this knowledge and a community commitment to solving the DDoS problem, we can go a long way towards making our networks, services and subscribers more secure.”

Dr. Labovitz added: “With the new Nokia Deepfield Defender solution, we take a unique approach in leveraging the combined power of high-performance IP networks and big data analytics to protect the network on all fronts from all volumetric DDoS attacks, at petabit scale, without lifting a hand. It will allow network operators to make a big leap towards improving overall security and availability of their networks and services for all their customers.”

Nokia Deepfield’s DDoS traffic analysis is based on a large global sample of service providers, ranging from companies which provide global transit and residential broadband services, to regional providers, Content Delivery Networks (CDNs), webscale and hosting companies. The analysis examined overall changes in internet traffic pattern, with a specific focus on DDoS security.


About Nokia
We create technology that helps the world act together.

As a trusted partner for critical networks, we are committed to innovation and technology leadership across mobile, fixed and cloud networks. We create value with intellectual property and long-term research, led by the award-winning Nokia Bell Labs.

Adhering to the highest standards of integrity and security, we help build the capabilities needed for a more productive, sustainable and inclusive world.


Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-07-26
Woocommerce is an open source eCommerce plugin for WordPress. An SQL injection vulnerability impacts all WooCommerce sites running the WooCommerce plugin between version 3.3.0 and 3.3.6. Malicious actors (already) having admin access, or API keys to the WooCommerce site can exploit vulnerable endpoi...
PUBLISHED: 2021-07-26
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, the AES GCM encryption in mod_auth_openidc uses a static IV ...
PUBLISHED: 2021-07-26
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, there is an XSS vulnerability in when using `OIDCPreservePos...
PUBLISHED: 2021-07-26
A buffer overflow vulnerability in the __Parse_indx component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file.
PUBLISHED: 2021-07-26
A buffer overflow vulnerability in the AVI_ExtractSubtitle component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file.