In the first quarter of the year, DDoS attacks rose more than 278 percent compared to Q1 2019 and more than 542 percent compared to the last quarter, according to Nexusguard’s Q1 2020 Threat Report. Researchers attribute the sharp rise in incidents to malicious efforts during the COVID-19 pandemic, causing DDoS attacks to interrupt service for large companies and individuals alike. Internet service providers (ISPs) face increasing challenges to curb undetectable and abnormal traffic before they turn into uncontrollable reflection attacks.
In an effort to curb the spread of COVID-19, working from home has become the new norm and household internet connectivity is more important than ever, says Nexusguard, and this heavy reliance on online services has given rise to a trend of attacks meant to overwhelm ISPs. In addition to traditional DDoS attacks, Nexusguard researchers identified various abnormal traffic patterns, including small-sized, short attacks dubbed “invisible killers.” These types of attacks are often overlooked by ISPs, which gives the invisible anomalies access to website and online services networks to cause havoc.
“We believe the small ‘invisible killer’ attacks are not isolated cases, but ongoing trends which can no longer be dismissed at the risk of Internet network infrastructure suffering a deluge of attacks,” said Juniman Kasman, chief technology officer for Nexusguard. “It’s imperative that Internet service providers take the initiative to address any suspicious traffic—irrespective of size or quantity—to ensure customers don’t experience outages from DDoS attacks.”
Nexusguard findings also showed that bits-and-pieces attacks continue to infiltrate traditional threshold-based detection. These attacks result from drip-feeding doses of junk traffic into a large IP pool, which can clog the target when bits and pieces start to accumulate from different IPs. According to the report, 90 percent of attacks employed a single-vector approach, which is a change from the popularity of multi-vector attacks in the past.
Nexusguard’s DDoS threat research reports on attack data from botnet scanning, honeypots, CSPs and traffic moving between attackers and their targets to help companies identify vulnerabilities and stay informed about global cyber security trends. Read the full "Q1 2020 Threat Report" for more details.