Distribution of DDoS attack vectors
The quarterly report, which measured more than 8,300 attacks, demonstrated that hackers continued to rely on volumetric attacks to overwhelm system resources. For example, UDP-based attacks increased by 15 percent this quarter, targeting hijacked devices connected to the IoT and overtaking SYN, HTTP Flood and other volumetric attacks in popularity.
With the average attack measuring 4.63 Gbps in size, enterprises that do not yet have access to high-capacity DDoS mitigation were most likely to suffer interruption from attacks.
IoT networks continued to be targeted by DDoS attacks during Q2, including by a new botnet, Persirai, which attacked more than 1,000 different models of IP cameras. Nexusguard gathers its DDoS attack data through botnet scanning, honeypots, ISPs and traffic moving between attackers and their targets, so the data is unbiased by any single set of customers or industries. With UDP attacks growing in favor, the company recommends that enterprises protect their DNS servers and employ Anycast routing technology to distribute the footprint of these DDoS attacks.
“UDP attacks can frequently act as smokescreens over other malicious behavior, such as efforts to execute remote codes, malware, or compromise personally identifiable information,” said Juniman Kasman, CTO for Nexusguard. “Due to the speed with which UDP attacks can overwhelm DNS servers and hijack IoT devices, rapid detection and response is critical for overcoming these types of attacks. Organizations need to protect their DNS servers, and should consider using Anycast routing technology to avoid saturating individual attack targets.”
Distribution of attack durations, Q2 2017
DDoS around the world
As DDoS extortionist gangs became increasingly active in several European countries, Switzerland made its first-ever appearance in the top three DDoS attacker countries.
Nexusguard analysts found China was the leading source of DDoS attacks, originating 34 percent of the attacks measured and bumping the U.S., the source of 21 percent of DDoS attacks, to second place.