Cybersecurity firm Nexusguard reported a 570% increase in bit-and-piece DDoS (Distributed Denial of Service) attacks in the second quarter (Q2) of this year compared to the same period last year.
According to Nexusguard’s new Q2 2020 Threat Report, perpetrators shifted tactics, using bit-and-piece attacks to launch various amplification and elaborate UDP-based attacks to flood target networks with traffic.
Nexusguard analysts witnessed attacks using much smaller sizes — more than 51% of bit-and-piece attacks were smaller than 30Mbps — to force communications service providers (CSPs) to subject entire networks of traffic to risk mitigation. This causes significant challenges for CSPs and for typical threshold-based detection, which is unreliable for pinpointing the specific attacks in order to apply the correct mitigation.
Founded in 2008, Nexusguard is a cloud-based DDoS security solution provider.
Improvements in resources and technology will cause botnets to become more sophisticated, helping them increase resilience and evade detection efforts in order to gain command and control of target systems. The evolution of attacks means that CSPs need to detect and identify smaller, more complex attack traffic patterns amongst large volumes of legitimate traffic. Nexusguard analysts recommend that service providers adopt deep learning-based predictive models in order to quickly identify malicious patterns and surgically mitigate them before any lasting damage occurs.
“Increases in remote work and study mean that uninterrupted online service is more critical than ever,” said Juniman Kasman, chief technology officer of Nexusguard. “Cyber attackers have rewritten their battlefield playbooks and craftily optimized their resources so that they can sustain longer, more persistent attacks. Companies must look into deep learning in their approaches if they hope to match the sophistication and complexity needed to effectively stop these advanced threats.”
In the past, attackers have used bit-and-piece attacks with a single attack vector to launch new attacks based on that vector. Nexusguard reported that attackers tend to employ a blend of offensive measures in order to launch a wider range of attacks, aiming to make it harder for CSPs to detect and differentiate between malicious and legitimate traffic.
In the first quarter of the year, DDoS attacks rose more than 278% compared to Q1 2019 and more than 542% compared to Q4 2018, according to Nexusguard’s Q1 2020 Threat Report. Researchers attribute the sharp rise in incidents to malicious efforts during the COVID-19 pandemic, with DDoS attacks interrupting service for large companies and individuals. Internet service providers face increasing challenges in curbing undetectable and abnormal traffic before it turns into uncontrollable reflection attacks.
Nexusguard’s DDoS threat research reports on attack data from botnet scanning, honeypots, CSPs, and traffic moving between attackers and their targets to help companies identify vulnerabilities and stay informed about global cybersecurity trends.