UDP flood attacks becoming increasingly powerful

When it comes to quantitative indicators, the last quarter can be marked by significant quantitative decline, according to DDoS-GUARD. The number of detected DDoS attacks is 57% lower than in the previous quarter and equals to 12583. But don’t get excited too soon, as the attacks quality, volume and complexity has increased markedly.

The maximum volume of malicious traffic for a single UDP flood attack totaled 217.7 Gbps, which is 71% higher than in the first quarter of 2016. The largest TCP flood attack reached 119.8 Gbps, which is 49% more powerful than in the first quarter. The average volume of all types of DDoS attacks has also increased by 10% and amounted to 1.15 Gbps.

The protocol and volumetric attacks volume for the reporting period increased by 12 times and averaged to 450,603 packets per second.

Spring-summer trends

• Multidirectional attacks, i.e. the attack on a single host is performed through multiple protocols at a time
• Combination of low-volume and short-term targeted high-volume flood attacks
• Social media is used to generate malicious traffic (e.g. using standard Facebook API and a large number of bots).

From this perspective, we can assume that most of the DDoS attacks that were detected during spring and early summer period were organized and conducted by professional hackers. Thus, the decreasing number of plain attacks is a reflection of the fact that students were busy preparing for the exams.

The second quarter was remarkable for a significant increase of attacks on online stores and gaming projects. This can be explained by the fact that people spend more time on shopping, getting prepared for their vacation, thus the increased competition between stores results in an increase of DDoS attacks in this time of the year. While popular online game servers are always among the favorite attack targets for hackers.

World map

Distribution of DDoS attacks on the world map. Hosts located in China and Russia have become a bit less popular if compared to the previous quarter, but the TOP-3 leaders remained the same:

• China – 41%
• Russia – 30%
• USA – 29%

This rating indicates the percentage of attacks with target hosts located specifically in these three countries. When it comes to the global statistics – more than 70% of all attacks are targeted to the TOP-3 countries.

All told, the forecasts made by the company experts upon the 1st quarter of 2016 were justified. Number of plain attacks (UDP flood) has decreased, although their volume has increased considerably. At the same time, there were attacks targeted on the internal infrastructure of the protection provider, which can be considered as reconnaissance attacks.

Nevertheless, despite the efforts of unknown attackers we have managed to maintain the availability of company resources, while the analysis of DDoS attacks, performed by our experts, has helped us to improve the data protection algorithms.