DDoS Attacks Jump 542% from Q4 2019 to Q1 2020

The shift to remote work and heavy reliance on online services has driven an increase in attacks intended to overwhelm ISPs.

Dark Reading Staff, Dark Reading

July 1, 2020

2 Min Read

In the first quarter of 2020, distributed denial-of-service (DDoS) attacks jumped more than 542% compared with the last quarter of 2019 and more than 278% year-over-year. NexusGuard researchers suggest the spike may be linked to a parallel increase in malicious cyber activity during the COVID-19 pandemic.

Cybercriminals have responded to the work-from-home shift with a series of long DDoS attacks aimed at hosting providers and businesses. The Akamai team recently mitigated the largest packet-per-second DDoS attack recorded on the company's platform — double the volume of its previous record. Researchers see attackers shifting toward attacks with lower bits-per-second and higher packets-per-second, likely seeking weak spots in DDoS mitigation techniques.

In addition to traditional DDoS attacks, NexusGuard researchers detected abnormal traffic patterns from ISPs such as traffic generated from infected devices, and traffic generated by exploiting open resolvers (DNS, DLAP, etc.) to create small, short attacks they call "invisible killers." ISPs often overlook these threats, the researchers explain in a new DDoS threat report. 

Data shows 67% of DDoS attacks fall in the size range of 1 Gbit/s and 5 Gbit/s. These typically are shorter than 15 minutes and create fewer than 200 events per day. Because these attacks are smaller and are overlooked compared with overall traffic, it normalizes the traffic activity and gives the "invisible killer" access to networks of websites and online services to cause damage. 

NexusGuard found these "bits-and-pieces attacks" result from slowly bringing doses of junk traffic into a large IP pool, which can clog the target system when pieces start to accumulate from different IPs. Ninety percent of attacks used a single-vector approach, a shift from the multivector attacks commonly used in the past.

Read more details here.






Learn from industry experts in a setting that is conducive to interaction and conversation about how to prepare for that "really bad day" in cybersecurity. Click for more information and to register for this On-Demand event. 

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights