2018 DDOS attack statistic reveals a change of trend in DDOS attacks matrix i.e the total number of DDoS attack has decreased in the year for first time since DDOS attacks has taken shape as a cognizable risk on smooth operation of an web application. The latest quarterly DDoS attack report published by Kaspersky Lab show cases a consistent fall of DDoS attack volume starting from the first quarter of the year except the third quarter where DDoS attack volume has saw 32% growth over the volume for same period in 2017 due to anomalously active September.

Here are a few statistics to help clarifying how DDoS attack matrix has evolved during 2018 —

A Drop in DDoS Attack Frequency

The biggest surprise in Karpersky Lab’s report has been the falling frequency which has been the first fall in YoY statistic ever seen. Overall in 2018 total number of DDoS attack has been seen falling by 13% in comparison with the number recorded during the previous year.

Quarterly comparison of the number of DDoS attacks defeated by Kaspersky DDoS Protection in 2017–2018 (100% = number of attacks in 2017)
Quarterly comparison of the number of DDoS attacks defeated by Kaspersky DDoS Protection in 2017–2018 (100% = number of attacks in 2017)

The greatest fall has been recorded in Q4 when the frequency if DDoS attack has been recorded to be only 70% of the number recorded during the same period previous year. While the first two quarter of the year also seen steady improvement of the number i.e. 83% and 76% respectively, the third quarter outstripped the previous year figure by a whooping 32% growth.

A Steady Growth Over the Duration of Attack

Despite of decrease in volume the average duration of attack has seen a steady growth throughout the year. While the average duration of all attacks has been 95 minutes in Q1 it has been 218 minutes in Q4 2018. While comparing the volume of DDoS attacks from different duration segments, in 2018, attacks lasting more than 50 hrs have increased its share (1.26%) by more than 11 times of its share of only 0.11% in 2017. That can be translated to that there has been an increased trend for the attack organizers of being more focused to particular targets rather than distributing their technical resources to a number of targets. That may be a response to the increased scrubbing capacity offered by DDoS protection engines.

Distribution of DDoS attacks by duration (hours), 2017 and 2018
Distribution of DDoS attacks by duration (hours), 2017 and 2018

SYN Flooding & UDP Flooding Still Remains the Most Preferred Attack Method

With 58.20% contribution to the total number of attacks SYN flooding still remains the most used attack technique in 2018. However its margin from UDP flooding attack has been narrowed. UDP flooding has increased its share to almost a third of all types of DDoS attacks (31.10%), followed by TCP flooding (8.40%) and HTTP flooding (2.20%).

Distribution of DDoS attacks by type, 2018
Distribution of DDoS attacks by type, 2018

Attack Geography: China is Still Too Far From Giving Away Its Top Positions

Among most popular attack origin, China scored gold again as it do the most of the time. However during Q4, 2018 its share has been fallen more than 8%, while comparing with same timeframe of the previous year, but still contributes more than half of all attacks. The second place has been booked by the US scoring 24.90% during Q4, a figure which is 50% higher from its Q4, 2017 score of 16%. Australia and Brazil has risen to third and forth spot respectively by replacing South Korea and Britain.

Top DDoS Attack Origin in 2018
Top DDoS Attack Origin in 2018

On the target front too China has been the most in the firing line. It has been in the receiving end of 43.26% of all DDoS attacks during Q4, 2018. All through being on the top its number has improved from its Q4, 2017 score of 51.84%. United States and Australia has bee two loyal followers securing the 2nd and 3rd place with 29.14% & 5.91% respectively.

Top DDoS Attack Target Countries in 2018
Top DDoS Attack Target Countries in 2018

Conclusion

Simultaneous decrease in number of attacks and increase in average duration clearly illustrates that the DDoS attack organizers now trending to focus on particular targets rather than diversifying their resources towards multiple targets. An increase in more complected attack types denotes to increased intelligence in bypassing an web server firewall, hence highlighting the requirement of an advanced DDoS protection engine to stay secure from DDoS attacks. Incase your web application server is not ready to protect you from such voluminous and prolonged DDoS attacks you might intend to speak to a application security consultant.