In the first quarter of 2020, distributed denial-of-service (DDoS) attacks jumped more than 542% compared with the last quarter of 2019 and more than 278% year-over-year. NexusGuard researchers suggest the spike may be linked to a parallel increase in malicious cyber activity during the COVID-19 pandemic.
Cybercriminals have responded to the work-from-home shift with a series of long DDoS attacks aimed at hosting providers and businesses. The Akamai team recently mitigated the largest packet-per-second DDoS attack recorded on the company's platform — double the volume of its previous record. Researchers see attackers shifting toward attacks with lower bits-per-second and higher packets-per-second, likely seeking weak spots in DDoS mitigation techniques.
In addition to traditional DDoS attacks, NexusGuard researchers detected abnormal traffic patterns from ISPs such as traffic generated from infected devices, and traffic generated by exploiting open resolvers (DNS, DLAP, etc.) to create small, short attacks they call "invisible killers." ISPs often overlook these threats, the researchers explain in a new DDoS threat report.
Data shows 67% of DDoS attacks fall in the size range of 1 Gbit/s and 5 Gbit/s. These typically are shorter than 15 minutes and create fewer than 200 events per day. Because these attacks are smaller and are overlooked compared with overall traffic, it normalizes the traffic activity and gives the "invisible killer" access to networks of websites and online services to cause damage.
NexusGuard found these "bits-and-pieces attacks" result from slowly bringing doses of junk traffic into a large IP pool, which can clog the target system when pieces start to accumulate from different IPs. Ninety percent of attacks used a single-vector approach, a shift from the multivector attacks commonly used in the past.
Read more details here.