Throughout 2019, DDoS attacks have continued to grow in frequency, intensity, and sophistication. However, the delivery method of using infected botnets and vulnerable servers to perform crushing attacks on a massive scale has not changed during that time. Unlike traditional security methods, where attackers leverage obfuscation to prevent detection, the loud distributed nature of DDoS attacks creates opportunities for defenders to take a more proactive approach by focusing on the weapon’s location.
Winding back to the first DDoS attack which occurred in 1997 during a DEF CON event in Las Vegas. The culprit was notorious hacker Khan Smith, who successfully shut down Internet access on the Vegas Strip for over an hour. The release of some of this code soon led to online attacks against Sprint, EarthLink, E-Trade, and many more organisations.
Fast forward to 2019 and AWS, Telegram, and Wikipedia were among the top victims of DDoS this year. In fact, in September Wikipedia suffered what appears to be the most disruptive attack in recent memory.
The DDoS attack carried on for three days rendering the site unavailable in Europe, Africa and the Middle East. The size of the attack was not made public, but it is clear that it was an old-style volumetric flood designed to overwhelm the company’s web servers with bogus HTTP traffic. Given the protection that sites employ these days, this suggests that it was well into the terabits-per-second range used to measure the largest DDoS events on the Internet.
Similarly, the largest DDoS attack in Q1 2019 was 587GB/s in volume, compared to 387GB/s in volume for the largest Q1 2018 attack. Also noteworthy is the fact that attacks above 100GB/s increased 967% in 2019 versus 2018, and attacks between 50GB/s and 100GB/s increased 567%. Indeed, Cisco estimates that the number of DDoS attacks exceeding one gigabit of traffic per second will soar to 3.1 million by 2021.
Here at A10 Networks, we have been tracking the state of the DDoS attack landscape and DDoS weaponry and what we have found over the year is that IoT is a hotbed for DDoS botnets. Likewise, with 5G on the horizon, with its higher data speeds and lower latency, this will dramatically expand attack networks as it presents an opportunity to increase the DDoS weaponry available to attackers.
For more security news visit here.