The growth in both large- and small-scale distributed denial-of-service attacks continues its upward trajectory, according to a new report released by Neustar’s Security Operations Center (SOC).
The Q3 2019 Cyber Threats and Trends report reveals that the total number of DDoS attacks was up 241% in the third quarter of 2019, compared to the same period last year.
The report also confirmed the continued increase in small-scale attacks and the use of multiple threat vectors, as new vectors continue to expand the attack surface that organizations must defend.
The Neustar SOC saw a steady growth in the number of threats year over year, especially in attacks sized 5 gigabits per second and under. In Q3 2019, the number of those small threats was 303% higher than in the same period last year. Small attacks, including growing numbers of application-layer incursions, accounted for 81% of total attacks in Q3 2019, up from 75% in the previous quarter and up from 69% a year ago.
Degrading performance with small attacks
The increase in small-scale attacks has led to a decrease in the average attack size, from 10.5 Gigabits per second (Gbps) in Q3 2018 to 7.6 Gbps in Q3 2019. Average intensity is also down, to 7.6 Million packets per second (Mpps) in Q3 2019, compared to 10.5 Mpps in Q3 2018. However, this quarter’s most intense attack, at 343 Mpps, was 24% higher than the most intense attack seen in the same period last year.
While the number of large-scale attacks continues to grow (attacks of 100 Gbps and above were up nearly 200% in Q3 2019, year over year, with the largest being 273 Gbps) smaller and more targeted attacks are growing at a faster rate. These smaller strikes, which often hide application-layer attacks, are easier to mount and, importantly, often evade immediate detection, allowing them to continue for several days, causing increasingly more damage.
Multiplying threat vectors
In Q3 2019, more than 86% of all attacks mitigated by Neustar used two or more threat vectors, including 8% featuring five or more vectors.
In addition to new application-layer threats, new volumetric and protocol/state exhaustion vectors, such as DDoS reflection/amplification attacks, are emerging. Vectors that feature an amplification factor enable a small request to deliver a large payload. In reflection/amplification attacks, attackers spoof their IP address to make it appear as if the original request came from the target, so the response is directed to the target rather than the attacker. Emerging threats in this category include attacks on Apple Remote Management services, Web Services Dynamic Discovery, the Ubiquiti Discovery Protocol, the Constrained Application Protocol and HTML5 hyperlink auditing ping redirection.
DDoS attacks of all sizes and types are increasing. This quarter, for the first time, the number of NISC survey respondents who indicated that they had ever been on the receiving end of a DDoS attack was greater than the number who said they had not. The percentage admitting to an attack jumped to 59% in this quarter’s survey, compared to an average of 46% over the past 14 months of survey data.
Read the Neustar Q3 2019 Cyber Threats and Trends Report here.