Nexusguard: Whopping 542% Surge in DDoS Attacks in Q1

The number of distributed denial of service (DDoS) attacks skyrocketed more than 540% in the first quarter compared to the last quarter of 2019.

That’s according to Nexusguard’s Q1 2020 Threat Report. The report measured thousands of DDoS events in the first quarter, which featured an abnormal surge in DDoS attacks amid the COVID-19 pandemic.

In the first quarter, DDoS attacks rose more than 278% compared to Q1 2019. And they rose more than 542% compared to the previous quarter.

Other findings include:

• User datagram protocol (UDP) is often a smokescreen to mask other malicious activities. It was the most popular type of approach, comprising more than 75% of attacks this quarter.
• More than 90% of attacks used a single vector, compared to the previously popular multi-vector attacks.

No Industry Spared

Tony Miu is research manager at Nexusguard. He said when it comes to a DDoS attack, no particular industry is spared. The more common industries are ISPs, financial service institutes, e-business, gaming, education and government.

Nexusguard’s Tony Miu

“If victims don’t have an existing DDoS mitigation solution or strategy, DDoS attacks will take their online assets offline,” he said. “In our findings, the majority of recent DDoS are volumetric in nature, [with the goal of] exhausting the bandwidth resources of the victims. During such an attack, their connectivity to the internet will be congested. And, as a result, their online service will [become] unavailable to their normal users. This situation can persist indefinitely until the attackers relent, or until the victim puts in place an effective solution to address the DDoS problem.”

Attacks can cause collateral damage to other unwilling entities sharing the same resource, Miu said. Those can be an internet prefix or an ISP device, Miu said.

“DDoS protection solutions come in various forms, with varying cost to implement and effectiveness,” he said. “We believe all organizations should have a DDoS playbook and a DDoS solution in place, however basic it might be; for example, a clean pipe add-on that can come from its ISP providing its internet connectivity. The playbook should also identify and cover advanced strategies that [one] can employ quickly when under an advanced attack.”

The COVID-19 Effect

In an effort to curb the spread of COVID-19, working from home has become the new norm. Household internet connectivity is more important than ever. This heavy reliance on online services has given rise to a trend of attacks meant to overwhelm ISPs.

In addition to traditional DDoS attacks, Nexusguard researchers identified various abnormal traffic patterns, including small, short attacks dubbed “invisible killers.” ISPs often overlook these attacks, giving these invisible anomalies access to website and online services networks to cause havoc.

Also, bits-and-pieces attacks continue to infiltrate traditional threshold-based detection. These attacks result from drip-feeding doses of junk traffic into a large IP pool. That can clog the target when bits and pieces start to accumulate from different IPs.

“Organizations should identify and organize resources and assets so that in the event of an attack, collateral damages to non-targeted assets are minimized,” Miu said. “At the same time, the effectiveness of DDoS mitigation can also be increased.”

Service Providers Also Threatened

DDoS is also a problem for service providers, he said.

“At the same time, this problem also presents huge opportunities to these service providers to elevate their core offering and augment it with DDoS-related cybersecurity products and managed services,” Miu said. “DDoS mitigation service is no longer … just an audit element for companies and government departments. More importantly, practical solutions are necessary to enable continued business operations. The importance of the human element – talents well versed in DDoS mitigation and its shortage, is now even more prominent and also a challenge that the industry as a whole is now facing.”

(That being said, when reviewing the report, it is worth noting that Nexusguard provides DDoS protection services.)

The next DDoS spikes could be politically motivated with the November general election on the horizon, Miu said. Critical online services such as online voting systems, media outlets and more will become high potential targets, he said.

“With the end of the pandemic being nowhere in sight, the working style and business model have gone through many changes, some of which are seemingly permanent in the post-pandemic world,” Miu said. “We believe the threat and practicability of DDoS attacks will only exacerbate and we will see a rise of DDoS-for-hire services.”