The complexity and size of DDoS attacks in 2019 has increased significantly compared to 2018. A report published by NaWas by NBIP concludes that despite the number of attacks has decreased slightly over 2019, their complexity and size has increased significantly.
Fewer attacks, more complexity and larger in size
Slightly fewer DDoS attacks were observed in 2019 compared to 2018 (919 attacks and 938 attacks respectively). In addition, the number of participants increased by almost 10%, which probably means that the relative decrease is greater.
However, attacks are becoming larger and more complex, says Octavia de Weerdt, managing director of NBIP. “The largest attack we observed in 2019 was 124 Gbps. The most complex attack used 30 vectors, i.e. 30 different methods to carry out a DDoS attack were combined into a single attack.
“In 2018, the largest attack we saw was 68 Gbps, while the maximum number of vectors was 12. These are big differences for which we unfortunately can’t give an immediate explanation.”
A persistent trend
The increasing complexity and size of DDoS attacks fits in with a trend that has been going on for several years. In 2017 there were no attacks of 40 Gbps or more, while in 2019 there were no attacks of less than 40 Gbps in the top 10 largest DDoS attacks.
De Weerdt: “There is a continuous arms race regarding DDoS attacks. Attackers try to find new vulnerabilities and methods to carry out a successful attack. Organizations that are victims of DDoS attacks meanwhile try to adapt their mitigation capabilities accordingly. This arms race will not end for the time being.
“For example, in the first quarter of 2020, we already observed a DDoS attack of 140 Gbps, and we have seen as many very large attacks of 40 Gbps or more as in the whole of 2019″.