According to a new report, in the fourth quarter of 2018, average size of distributed denial of service (DDoS) attacks decreased considerably. Recently the onslaught from FBI on 15 DDoS-for-hire websites seems to have had a legitimate impact on DDoS attacks.
The report surfaced earlier this week from researchers in NexusGuard, that the number of DDoS attacks also decreased significantly, dropping by approximately 11 percent in the last quarter of the year 2018.
According to the report provided by the researchers, The decrease was mainly accredited to the FBI’s triumphant takedown of 15 huge ‘Booter’ websites that seems to be accountable for having generating 200,000 plus DDoS attacks ever since 2014. The crackdown not only have taken a toll on the total number of attacks but also impacted average attack size. The decrease in the total number of DDoS attacks has been 23.9% YoY basis while the decrement in average attack size clocked to whopping 85%. Actuality, more than 90 percent of DDoS attacks rated lesser than one Gbps in size. The quarterly average duration was 452.89 minutes, while the greatest attack lasted 18 days, 21 hours, and 59 minutes according to the researchers.
If we compare the size with the biggest DDoS attack, recorded in the year March 2018 which was targeting GitHub, calculated at 1.3 Tbps of unremitting traffic for a period of eight minutes; while in the year 2016, then biggest attack by Mirai botnet was capped at 620 Gbps only.
DDoS-for-hire, popularly called “booter” services, makes DDoS attack viable for any user by simply paying the designated fee assigned to their desired attack size and duration. Thus allow them to temporarily taking down an online target by flooding the with swarm of bot generated traffic.
The crackdown conducted by FBI an week before the Christmas, targeted 15 major service providers including downthem.org, ragebooter.com, quantumstress.net and now believed to be considering very legal action. All 15 targeted domain has been taken offline by the department of justice and charges has been filed against three defendants who allegedly run those services.
More Advanced Attack Types Soar
As it has been anticipated earlier, and has been quite gradual in trends traditional attack types like UDP flooding, TCP SYN flooding etc is paving way for more complicated and sophisticated attach types like SSDP. In the last quarter of 2018 SSDP attack type soared to 48.26 percent while UDP flooding type attack only comprised of 14.26% of all attack types. The decreasing trend of common attack types like is now continuing for the second year.
SSDP amplification attack is a network layer targeted DDoS attack which is launched over UDP via Universal Plug and Play devices such as printers, web cameras, routers, and servers. The conventional attack types like UDP Flooding, TCP SYN Flooding etc which are now became easy to be detected and blocked by firewalls and DDoS Mitigation Mechanism; is now making way for a new and malicious type of attack: Simple Service Discovery Protocol (SSDP) Amplification attacks, which is amplified by a decent 3,122 percent year over year. Usual attacks like UDP, TCP SYN and ICMP dropped considerably on a yearly basis, with additional newer, further menacing approaches growing past them in recognition.
Law enforcement might have a limited temporary impact on DDoS attack matrices, however due to increased anticipation on undetectable malware development and increase usage of internet enabled devices will keep pushing these statistics upward. That sudden crack down by FBI which is also expected to be followed up by enforcement and regulatory agencies of other most effected countries will possibly stop public trading of DDoS attack services. However availability of such services for non tech-savvy bad actors will be continued being channeled by black market. Increased user awareness over time will help to tame the ratio of devices being hacked and used as traffic terminals, however cheaper data and increased affordability of IoT enabled devices will pair it up with negative bias.
The ultimate solution for a business to stay protected against continuous advancement of DDoS attack technology is to deploy proactive DDoS attack mitigation mechanism which detect and mitigate DDoS attacks even before reaching its pick volume.