570% increase in bit-and-piece DDoS attacks in 2020

Researchers find traditional threshold-based attack detection is no longer reliable with new bit-and-piece changes

September 25, 2020

Attackers shifted tactics in Q2 2020, with a 570% increase in bit-and-piece DDoS attacks compared to the same period last year, according to the new Nexusguard Q2 2020 Threat Report. Perpetrators used bit-and-piece attacks to launch various amplification and elaborate UDP-based attacks to flood target networks with traffic. Nexusguard analysts witnessed attacks using much smaller sizes—more than 51% of bit-and-piece attacks were smaller than 30Mbps—to force communications service providers (CSPs) to subject entire networks of traffic to risk mitigation. This causes significant challenges for CSPs and typical threshold-based detection, which is unreliable for pinpointing the specific attacks to apply the correct mitigation.

Improvements in resources and technology will cause botnets to become more sophisticated, helping them increase resilience and evade detection efforts to gain command and control of target systems. The evolution of attacks means CSPs need to detect and identify smaller and more complex attack traffic patterns amongst large volumes of legitimate traffic. Nexusguard analysts recommend service providers switch to deep learning-based predictive models in order to quickly identify malicious patterns and surgically mitigate them before any lasting damage occurs.

“Increases in remote work and study mean that uninterrupted online service is more critical than ever,” said Juniman Kasman, chief technology officer for Nexusguard. “Cyber attackers have rewritten their battlefield playbooks and craftily optimized their resources so that they can sustain longer, more persistent attacks. Companies must look to deep learning in their approaches if they hope to match the sophistication and complexity needed to effectively stop these advanced threats.”

In the past, attackers have used bit-and-piece attacks with a single attack vector to launch new attacks based on that vector. Nexusguard reported a tendency to employ a blend of offensive measures in order to launch a wider range of attacks, intended to increase the level of difficulty for CSPs to detect and differentiate between malicious and legitimate traffic.

Nexusguard’s DDoS threat research reports on attack data from botnet scanning, honeypots, CSPs and traffic moving between attackers and their targets to help companies identify vulnerabilities and stay informed about global cyber security trends. Read the full Nexusguard Q2 2020 Threat Report for more details.

Ransomware and the propulsion of the extortion economy has rapidly eclipsed into a national priority. Recently, we observed the catastrophic impact of a widescale ransomware attack impacting gas pipelines and raising national gas prices overnight.