DDoS Attacks Increasingly Blended Multiple Attack Vectors in Q3 2017

According to Nexusguard’s Q3 2017 Threat Report, 55 percent of DDoS attacks in the third quarter of the year were multi-vector attacks, blending UDP-flood, NTP amplification and other attack vectors.

The report, based on an analysis of more than 9,600 attacks, found that hackers launched 10 times as many Network Time Protocol (NTP) amplification attacks during Q3 2017 as in Q3 2016. The third quarter also saw a 68.7 percent increase in User Datagram Protocol (UDP) attacks.

The overall number of DDoS attacks rose 15.6 percent over the previous quarter.

“Our Q1 predictions that UDP-based attacks originating from NTP vulnerabilities would increase came true, as we observed NTP amplification reach a new high with a 425 percent jump compared to Q2,” Nexusguard CTO Juniman Kasman said in a statement. “Additionally, multi-vector attacks created higher levels of difficulty in differentiating attack traffic from normal traffic, overwhelming traditional mitigation methods.”

“To protect against these types of attacks, organizations need to develop coordinated efforts to uncover new threats, remedy affected apps and ensure mitigation methods can flex and suppress growing attacks,” Kasman added.

China was responsible for almost 21 percent of DDoS attacks worldwide in the third quarter, followed by the U.S. at 15 percent.

Targeting Bitcoin

Imperva’s Global DDoS Threat Landscape Report for the third quarter found that attacks on bitcoin exchanges represented 3.6 percent of network layer DDoS attacks during the quarter, bringing cryptocurrency exchanges into the list of the top 10 attacked industries for the first time.

“This is a clear example of DDoS attackers following the money,” Imperva senior manager Igal Zeifman said by email. “As a rule, extortionists and other cybercriminals are commonly drawn to successful online industries, especially emerging ones that are less likely to be well-protected.”

The report, based on an analysis of 5,765 DDoS attacks, also found that 29.6 percent of network layer targets were hit 10 or more times.

The third quarter also saw an increase in the number of high packet rate network layer attacks, in which the packet forwarding rate exceeded 50 Mpps or even 100 Mpps.

“This is a cause for concern, as many mitigation solutions are ill equipped to process packets at such a high rate,” the report notes.

Verisign’s Q3 2017 DDoS Trends Report found that fully 88 percent of all DDoS attacks observed in the third quarter leveraged multiple attack types, and 29 percent leveraged five or more.

The largest attack observed by Verisign in the third quarter was a multi-vector attack lasting approximately two and a half hours, which peaked at 2.5 gigabits per second and approximately 1 million packets per second.

The IT/cloud/SaaS industry was the most targeted industry, representing 45 percent of attacks, followed by the financial sector at 20 percent.

Jeff Goldman
Jeff Goldman has been a technology journalist for more than 20 years and an eSecurity Planet contributor since 2009.
