The growth in both large- and small-scale distributed denial-of-service attacks continues its upward trajectory, according to a report by Neustar’s Security Operations Center (SOC).
The Cyber Threats and Trends report for the third quarter of 2019 reveals that the number of DDoS attacks was up 241 percent compared to the same period last year.
The report also confirmed the continued increase in small-scale attacks and the use of multiple threat vectors, as new vectors continue to expand the attack surface that organisations must defend.
In the third quarter of 2019, the number of small threats was 303 percent higher than in the same period last year. Small attacks, including growing numbers of application-layer incursions, accounted for 81 percent of total attacks in third quarter 2019, up from 75 percent in the previous quarter and up from 69 percent a year ago.
The increase in small-scale attacks has led to a decrease in the average attack size, from 10.5 gigabits per second (Gbps) in the third quarter of 2018 to 7.6 Gbps in the third quarter of 2019. Average intensity is also down, to 7.6 million packets per second (Mpps) in Q3 2019, compared to 10.5 Mpps in the third quarter of 2018. However, this quarter’s most intense attack, at 343 Mpps, was 24 percent higher than the most intense attack seen in the same period last year.
Although attacks of 100 Gbps and above were up nearly 200 percent in Q3 2019, year over year (with the largest being 273 Gbps), smaller and more targeted attacks are growing at a faster rate. These smaller strikes, which often hide application-layer attacks, are easier to mount and, importantly, often evade immediate detection, allowing them to continue for several days and cause increasing damage.
In a recent Neustar International Security Council (NISC) survey, only around a quarter of senior-level cybersecurity decision-makers indicated that they were “very likely” to notice these small attacks, meaning that many incursions may succeed in degrading the performance of specific services and negatively affecting the user experience. Online gaming platforms, for example, are particularly sensitive and see frequent DDoS assaults, but latency can be costly for almost any type of business. A DDoS mitigation service that is “always-on” within the flow of traffic is the only way to ensure that these incursions are detected and blocked.
In the third quarter of 2019, more than 86 percent of all attacks mitigated by Neustar used two or more threat vectors, including eight percent featuring five or more vectors.
In addition to new application-layer threats, new volumetric and protocol/state exhaustion vectors, such as DDoS reflection/amplification attacks, are emerging. Vectors that feature an amplification factor enable a small request to deliver a large payload. In reflection/amplification attacks, attackers spoof their IP address to make it appear as if the original request came from the target, so the response is directed to the target rather than the attacker. Emerging threats in this category include attacks on Apple Remote Management services, Web Services Dynamic Discovery, the Ubiquiti Discovery Protocol, the Constrained Application Protocol and HTML5 hyperlink auditing ping redirection.
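A defender's view of the reflection traffic described above, as an added example that is not part of the Neustar report or this article: it flags unsolicited UDP replies arriving from the default ports of four of the named vectors. The port numbers, the flow-record layout, the sample flows and the `min_sources` threshold are assumptions made for illustration.

```python
from collections import defaultdict

# Default UDP ports of reflection vectors named in the report (the port numbers
# are well-known defaults, not values taken from the article).
REFLECTOR_PORTS = {
    3283: "Apple Remote Management",
    3702: "WS-Discovery",
    10001: "Ubiquiti Discovery",
    5683: "CoAP",
}

# Constructed flow records using documentation IP ranges:
# (proto, src_ip, src_port, dst_ip, dst_port, packets, bytes)
SAMPLE_FLOWS = [
    ("udp", "198.51.100.1", 3702, "203.0.113.10", 44321, 40, 52000),
    ("udp", "198.51.100.2", 3702, "203.0.113.10", 44321, 40, 52000),
    ("udp", "198.51.100.3", 3702, "203.0.113.10", 44321, 40, 52000),
    ("udp", "198.51.100.4", 3702, "203.0.113.10", 44321, 40, 52000),
    ("udp", "203.0.113.10", 50000, "192.0.2.7", 5683, 1, 60),    # our own CoAP request
    ("udp", "192.0.2.7", 5683, "203.0.113.10", 50000, 1, 300),   # its solicited reply
    ("udp", "192.0.2.8", 5683, "203.0.113.10", 50001, 2, 900),   # lone unsolicited reply
    ("tcp", "192.0.2.9", 443, "203.0.113.10", 51000, 12, 9000),  # unrelated TCP
]


def find_reflection(flows, protected_ips, min_sources=3):
    """Aggregate unsolicited UDP replies from reflector ports, per (victim, vector)."""
    # 4-tuples our hosts actually sent to, so genuine replies are not flagged.
    asked = {(dst, dport, src, sport)
             for proto, src, sport, dst, dport, _, _ in flows
             if proto == "udp" and src in protected_ips}
    stats = defaultdict(lambda: {"sources": set(), "packets": 0, "bytes": 0})
    for proto, src, sport, dst, dport, pkts, size in flows:
        if proto != "udp" or dst not in protected_ips or sport not in REFLECTOR_PORTS:
            continue
        if (src, sport, dst, dport) in asked:
            continue  # reply to a request we sent
        entry = stats[(dst, REFLECTOR_PORTS[sport])]
        entry["sources"].add(src)
        entry["packets"] += pkts
        entry["bytes"] += size
    # Many distinct responders to a host that never asked is the reflection signature.
    return {key: {"sources": len(e["sources"]), "packets": e["packets"], "bytes": e["bytes"]}
            for key, e in stats.items() if len(e["sources"]) >= min_sources}


if __name__ == "__main__":
    for (victim, vector), s in find_reflection(SAMPLE_FLOWS, {"203.0.113.10"}).items():
        print(f"{victim}: {vector} reflection from {s['sources']} sources, {s['bytes']} bytes")
```

On the sample data only the WS-Discovery burst is reported: the solicited CoAP reply is matched to its request, and the single unsolicited CoAP responder stays below the source threshold.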
DDoS attacks of all sizes and types are increasing. This quarter, for the first time, the number of NISC survey respondents who indicated that they had ever been on the receiving end of a DDoS attack was greater than the number who said they had not. The percentage admitting to an attack jumped to 59 percent in this quarter’s survey, compared to an average of 46 percent over the past 14 months of survey data.
“This is not a time to be complacent. Q4 through the beginning of Q1 is traditionally the time when DDoS attacks hit the hardest,” said Rodney Joffe, senior vice president, senior technologist and fellow at Neustar.
“There are nearly 20 billion IoT devices in use across the world right now, and many of them still use the same generic, factory-issued security features they were built with. It no longer takes an experienced, savvy cybercriminal to orchestrate a DDoS attack — a novice hacker can now rent a cloud-based botnet for about $25 an hour.”
“Furthermore, we’re seeing continued growth of smaller, more targeted attacks capable of evading defenses and targeting a vulnerable piece of infrastructure or just degrading performance. Even small-scale incursions can destroy customer confidence and create a poor user experience, so businesses that do not have an ‘always on’ DDoS mitigation service already should consider engaging one,” added Joffe.