7 DDoS Attack Trends Spotted in 2018

Nov 14, 2018 | Insights, News

As organizations and businesses increasingly rely on the Internet to conduct standard business operations and generate revenue, DDoS attacks (Distributed Denial of Service) are the obvious choice for malicious actors to disrupt the status quo, make a statement, and/or cause serious financial consequences for their targets. Each year, it has become easier to hire third parties online to carry out attacks for a relatively low fee. These are some of the reasons DDoS attacks continue to increase year over year. As we are approaching the end of 2018, we’ve analyzed reports from leading DDoS mitigation providers to spot the top 7 DDoS trends over the last twelve months.

DDoS Attacks Continue to Increase

According to Corero, a global DDoS mitigation provider, DDoS attacks increased 40% from mid-2017 to mid-2018. Because businesses, organizations and even our basic infrastructure are increasingly dependent on uninterrupted network services, unmitigated attacks are increasingly impactful.

A New Attack Vector Emerges – Memcached

In February of this year, a new DDoS attack vector came on the scene – memcached server attacks via UDP. Memcached is a database caching system that is used to speed up database-driven websites, decreasing load time. Memcached attacks work similarly to other amplification attacks, sending requests for information to a server that responds with a larger amount of data, magnifying traffic volume. For a 15-byte request, a response as large as 750 kB can be sent. According to Imperva, memcached server attacks can result in an amplification factor of 9,000x and more. These types of attacks have produced the largest DDoS attacks yet, as we will see in the following section.

Upward Trend in Attack Size

Use of the memcached attack vector resulted in the breaking of a new record for the largest DDoS attack in March of this year. NetScout (Arbor Networks) recorded a 1.7 Tbps attack on one of their clients, who remains unnamed. Another massive memcached attack also happened in March – a 1.35 Tbps attack on GitHub’s website. Both of these attacks exceeded the size of the Mirai botnet attacks in 2016. According to NetScout, DDoS maximum attack size has increased globally by 174%. However, it is worth mentioning that the majority of DDoS attacks remain small, with approximately 95% of attacks being relatively small at under 5 Gbps in volume (Corero, 2018).

International Affairs Joins Top 10 Attack Verticals

It’s no surprise that telecommunications, cloud providers, hosting providers, and software companies remain within the top target verticals for attacks. However, a new vertical has emerged in the top ten this year – international affairs organizations (such as the IMF, UN, Department of State) are now in seventh place for most targeted verticals.

Multi-Vector DDoS Attacks Dominate

DDoS attacks have become more complex over the years, and multi-vector attacks consisting of two or more vectors are the most commonly employed. Verisign reported 52% of their attacks recorded in the second quarter of this year were multi-vector attacks. Of those, UDP flood is the most dominant attack type.

IoT Botnet Attacks on the Rise

IoT devices come with little to no security features, open ports and default security credentials. They are also poorly maintained, and some of them are never updated. Because of this, Radware reports, “the process of capturing devices for a botnet is a fairly simple task that’s mainly automated.” In recent months, Radware has seen hackers begin to target poorly maintained enterprise devices with botnets, in addition to the usual consumer devices. They are also seeing botnets being used not only for DDoS attacks, but also for ransom and hijacking for cryptocurrency mining.

According to NetScout, the number of connected devices is predicted to reach 125 billion by 2020. (In 2017, the number of connected devices was 27 billion.) Because these devices are easy targets, and they continue to proliferate, experts expect botnet attacks to continue to increase.

Evolution of Loapi for Android

Akamai reports an increase in the use of Loapi, a Trojan used to attack Android devices. They call it the “Swiss Army knife” of malware. It can be used to recruit a device for DDoS attacks, mine cryptocurrency, send malicious text messages, use the device as an HTTP proxy, and incessantly bombard the user with display ads.

Not protected from DDoS attacks yet? Check out any of the leading DDoS mitigation providers mentioned in our blog post. Data Foundry partners with Radware to provide our customers with in-line, on-premises/cloud-based hybrid DDoS mitigation.

Learn more about our DDoS Service