A Distributed Denial of Service (DDoS) attack is a malicious and increasingly popular way to sabotage a company or business. It involves the hacker creating (or renting) a botnet and using it to bring an abundance of traffic to a server, causing it to malfunction. Aside from the obvious downtime, which is costly by itself, DDoS attacks can also bring about many other consequences such as ransom requests, data theft, reputation damage, etc.
Cloudflare has just released their report on network-layer DDoS attacks for the fourth quarter of 2020. Aside from the increase in total attack numbers, Q3 hasn’t seen too many changes in comparison to the previous quarters. However, that’s not the case with Q4, as we’ve seen more than a few interesting trends pop up.
Unfortunately, when it comes to application-layer DDoS attacks, there are no recent reports that we could analyze. Therefore, we will be focusing on network-layer attacks.
The Total Number of Attacks Is Finally Decreasing
In contrast to Q3, which constituted 48% of all 2020 attacks, Q4 has seen a decrease in the overall number of attacks, making up 15% of said attacks. The busiest month for DDoS attackers in Q4 was December, contributing around 7%. However, that seems insignificant when compared to the overall busiest month of 2020, September, in which a whopping 24% of all attacks occurred.
Perhaps the previous surge has led organizations to pay more attention to cybersecurity and prepare better for future DDoS attacks. Another possible reason for this trend could be that cybersecurity companies have improved their DDoS protection and mitigation techniques. For instance, although the recent rise of AI has undoubtedly brought about more sophisticated DDoS attacks, it’s probably helped develop better defense strategies as well.
Of course, that does not mean that we can relax. As 5G and its never-before-seen speed become even more popular, we can certainly expect the number of attacks to increase once again. Therefore, online businesses need to be more careful than ever.
Major DDoS Attacks Are on the Rise
First of all, the number of long DDoS attacks (24 hours or more) has seen an increase from the last quarter, from 1.5% in Q3 to 9% in Q4. Even though short attacks (an hour or less) are still the most prevalent, making up 73% of all attacks in Q4, there’s been a slight decline compared to Q3 (88%). It’s no surprise that small attacks are still the most popular, as they require less money and skill to perform than bigger ones. Still, the observed rise of major attacks could be worrisome.
Secondly, there’s also been a change in throughput. For those that don’t know, throughput is the rate at which data is being processed in a communication network. We can measure it using either bit rates or packet rates.
When it comes to bit rates, the percentage of attacks with a rate of over 100 Gbps has grown from 0.5% in Q3 to 6% in Q4. At the same time, the share of attacks under 500 Mbps has decreased, from 84.4% in Q3 to 50% in Q4. When we look at packet rates, there's been a slight increase in attacks over 1M pps and a slight decrease in attacks under 1M pps in the latest quarter.
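The two measurements can rank the same attack very differently, which is why defenders track both. The following is an added example, not taken from the Cloudflare report: it computes peak bit rate and packet rate from per-second interface counter deltas and places each attack in the size bands quoted above. The counter values, names and the handling of exactly 1M pps are assumptions made for illustration.

```python
from dataclasses import dataclass

# Size bands quoted in the article, in bits/s and packets/s.
BPS_LARGE = 100e9    # "over 100 Gbps"
BPS_SMALL = 500e6    # "under 500 Mbps"
PPS_LARGE = 1e6      # "over 1M pps"


@dataclass
class CounterDelta:
    """Bytes and packets seen on an interface during one sampling interval."""
    byte_count: int
    packet_count: int


def peak_rates(deltas, interval_s=1.0):
    """Return (peak bits/s, peak packets/s) across the sampled intervals."""
    if not deltas or interval_s <= 0:
        raise ValueError("need at least one sample and a positive interval")
    peak_bps = max(d.byte_count * 8 / interval_s for d in deltas)
    peak_pps = max(d.packet_count / interval_s for d in deltas)
    return peak_bps, peak_pps


def classify(deltas, interval_s=1.0):
    """Place an attack in the article's bit-rate and packet-rate bands."""
    bps, pps = peak_rates(deltas, interval_s)
    if bps > BPS_LARGE:
        bit_band = "over 100 Gbps"
    elif bps < BPS_SMALL:
        bit_band = "under 500 Mbps"
    else:
        bit_band = "500 Mbps to 100 Gbps"
    # Assumption: exactly 1M pps is counted in the lower band.
    pkt_band = "over 1M pps" if pps > PPS_LARGE else "under 1M pps"
    return bit_band, pkt_band


# Constructed samples (not from the Cloudflare report), one delta per second.
# Flood of 54-byte packets, peaking at 1.1M packets/s (475.2 Mbps).
small_packet_flood = [CounterDelta(48_600_000, 900_000),
                      CounterDelta(59_400_000, 1_100_000)]
# Flood of 1400-byte UDP datagrams, peaking at 500k packets/s (5.6 Gbps).
large_packet_flood = [CounterDelta(560_000_000, 400_000),
                      CounterDelta(700_000_000, 500_000)]

if __name__ == "__main__":
    print(classify(small_packet_flood))
    print(classify(large_packet_flood))
```

The small-packet flood lands in the lowest bit-rate band yet the highest packet-rate band, so a threshold on bits per second alone would understate it.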
Protocol-Based Attacks Are Becoming More Popular
As far as attack vectors are concerned, SYN flooding is still the go-to method for DDoS attackers. In Q4, it’s been used in around 42% of all cases, which is consistent with the last few reports.
However, there’s been a sudden increase in ACK attacks, which were 13 times more prevalent in Q4 than in Q3. Another alarming trend is the rise and popularization of UDP-protocol attacks, specifically NetBIOS and ISAKMP, followed by SPSS.
In other words, DDoS attacks are constantly changing methods, becoming more and more complex, and thus harder to understand and mitigate.
RDDoS Attacks Continue to Terrorize Organizations
The most concerning recent trend is definitely the continued rise of ransom and extortion-based DDoS attacks. There are two main types of these attacks. Some attacks involve asking for money first and then proceeding with the attack if the target doesn’t pay a certain sum. Others involve the hackers attacking first and then requesting money. In this case, the victim has to pay up in order to get them to quit.
No matter the type, an RDDoS attack can truly wreak havoc on organizations and online businesses. It can cost companies hundreds of thousands of dollars. Money has always been a strong motivator for hackers and criminals alike, maybe even stronger than hate and competitive gain.
In addition, more and more DDoS hackers are asking for Bitcoins. One such example is what happened to the company Radware just about a month ago. Many of its customers received emails threatening a vicious DDoS attack unless they paid 5–10 Bitcoins.
Overall, 2020 has been a turbulent year when it comes to network-layer DDoS attacks. After a surge in the third quarter, the total number of attacks has dropped in Q4. On the other hand, there’s also an uptick in long and exhausting attacks and a slight decrease in short ones. Next, ACK and UDP protocol-based methods are becoming more popular. Lastly, ransom attacks are as frequent and problematic as they’ve ever been.
Hopefully, we’ll have more research on DDoS attacks in the near future, especially for application-layer attacks. Only then will we understand DDoS attacks to their fullest extent and successfully prevent them.