In one firm’s protection ecosystem, attacks lasting one to three hours increased by 349%

In its analysis of Q4 cyber incidents within its customer ecosystem, one cybersecurity and internet infrastructure firm noted that the country with the highest percentage of attack traffic was China, where 93% of traffic to internet properties consisted of network-layer DDoS attacks.

In second place, Lithuanian Internet properties behind Cloudflare saw 87% of their traffic belonging to network-layer DDoS attacks. Finland, Singapore, and Taiwan followed with the next-highest percentages of attack traffic.

The quarterly analysis also showed that attacks were longer, larger and more frequent. Attack durations increased across the board, volumetric attacks surged, and Ransom DDoS attacks continued to rise.

The number of shorter attacks (those lasting less than 10 minutes) decreased by 76% quarter-over-quarter (QoQ), while attacks lasting one to three hours increased by 349% QoQ and those lasting more than three hours increased by 87% QoQ. The number of attacks exceeding rates of 100 gigabits per second (Gbps) grew by 67% QoQ. Also:

    • The frequency of ransom DDoS attacks remained steady
      Q4 saw a 14% increase in ransom attacks QoQ but a 16% decrease YoY.
    • Holiday travel and celebrations were targets in Q4
      Approximately 35% of traffic to the Aviation and Aerospace industry was part of HTTP DDoS attacks (application-layer). In second place, the Events Services industry saw over 16% of its traffic as HTTP DDoS attacks.
    • Gaming/gambling industries remained high value targets of DDoS attacks
      Education Management was also a popular target: this aligns with a wave of ransomware campaigns hitting school districts in the US, the UK, Spain, France, Brazil, and Italy carried out by ransomware gangs like Vice Society.
    • Emerging threats included Memcached, SNMP, and VXWorks-based DDoS attacks

Defending against DDoS attacks is critical for organizations of all sizes. While attacks may be initiated by humans, they are executed by bots. The firm therefore asserts that only bots can fight bots: detection and mitigation must be automated as much as possible, because relying solely on humans puts defenders at a disadvantage.
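As an added illustration of that automation argument (example code written for this article, not the firm's own detection logic), the sketch below aggregates flow records per destination into one-minute windows, flags contiguous runs at or above a 100 Gbps threshold, attributes them to the Memcached or SNMP amplification vectors named above by UDP source port, and buckets their duration the same way the report does. The threshold, port mapping, and traffic records are all constructed assumptions.

```python
from collections import defaultdict

# Constructed mapping of UDP source ports to the amplification vectors the report names.
AMPLIFICATION_PORTS = {11211: "memcached", 161: "snmp"}
GBPS_THRESHOLD = 100.0  # alert threshold, borrowed from the report's 100 Gbps bucket
WINDOW_SECS = 60        # aggregate flow bytes into one-minute windows per destination

def duration_bucket(seconds):
    """Bucket an episode as the report does: <10 min, 10 min-1 h, 1-3 h, >3 h."""
    if seconds < 600:
        return "<10min"
    return "10min-1h" if seconds < 3600 else ("1-3h" if seconds <= 10800 else ">3h")

def detect_episodes(flows):
    """flows: (ts_seconds, dst_ip, proto, src_port, byte_count) tuples -> list of episodes."""
    windows = defaultdict(lambda: defaultdict(int))  # dst -> window start -> bytes
    vectors = defaultdict(lambda: defaultdict(int))  # dst -> vector name -> bytes
    for ts, dst, proto, sport, nbytes in flows:
        windows[dst][ts - ts % WINDOW_SECS] += nbytes
        if proto == "udp" and sport in AMPLIFICATION_PORTS:
            vectors[dst][AMPLIFICATION_PORTS[sport]] += nbytes
    episodes = []
    for dst, per_window in windows.items():
        rate = {w: b * 8 / WINDOW_SECS / 1e9 for w, b in per_window.items()}  # Gbps
        hot = sorted(w for w, g in rate.items() if g >= GBPS_THRESHOLD)
        run = []  # contiguous over-threshold windows; None sentinel flushes the last run
        for w in hot + [None]:
            if run and (w is None or w - run[-1] > WINDOW_SECS):
                dur = run[-1] - run[0] + WINDOW_SECS
                vec = max(vectors[dst], key=vectors[dst].get) if vectors[dst] else "unknown"
                episodes.append({"dst": dst, "start": run[0], "duration_s": dur,
                                 "bucket": duration_bucket(dur), "vector": vec,
                                 "peak_gbps": round(max(rate[x] for x in run), 1)})
                run = []
            if w is not None:
                run.append(w)
    return episodes

def sample_flows():
    """Constructed records, not real traffic: a 2 h Memcached flood at 120 Gbps and a 5 min
    SNMP flood at 150 Gbps against documentation-range IPs, over ~1 Gbps of normal HTTPS."""
    t0, flows = 1_700_000_000, []
    for m in range(180):  # background: 7.5e9 bytes per 60 s window = 1 Gbps
        flows.append((t0 + 60 * m, "198.51.100.10", "tcp", 443, 7_500_000_000))
    for m in range(120):  # 9e11 bytes per window = 120 Gbps
        flows.append((t0 + 60 * m + 7, "198.51.100.10", "udp", 11211, 900_000_000_000))
    for m in range(5):    # 1.125e12 bytes per window = 150 Gbps
        flows.append((t0 + 60 * m, "198.51.100.20", "udp", 161, 1_125_000_000_000))
    return flows
```

Running `detect_episodes(sample_flows())` yields one "1-3h" Memcached episode peaking at 121 Gbps and one "<10min" SNMP episode at 150 Gbps; in production the per-window rates would come from a flow collector rather than an in-memory list.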