DDoS attacks are evolving, with 99.1% of customized patterns often ignored despite carrying the potential to cripple networks, says one study.

In the first quarter of 2020, DDoS attacks rose more than 278% compared to Q1 2019. In the second quarter, the number was more than 542%.

According to the Q1 2020 Threat Report published by DDoS security solutions provider Nexusguard,  such attacks have become a global risk, and as attacks continue to increase in complexity spurred by the pandemic, Internet Service Providers (ISPs) need to strengthen their security measures.

The research reports on attack data from botnet scanning, honeypots, service providers and traffic moving between attackers and their targets to help companies identify vulnerabilities and stay informed about global cyber security trends.

COVID-19 is hunting season

ISPs face increasing challenges to curb undetectable and abnormal traffic before they evolve into uncontrollable reflection attacks. The past months, while generally considered the “off season” for DDoS attacks in normal years, have seen a huge surge attributed to malicious efforts during the COVID-19 pandemic. Consumers have become more dependent than ever on online services and working from home has become a common practice.

Said Donny Chong, Product Director, Nexusguard: “With remote-working becoming the new standard, and emphasis on home internet connectivity at an all-time high, proper security measures to mitigate these attacks have never been more important for ISPs. DDoS attacks, be they outgoing or incoming, are a threat to this new working standard that no home users will be able to effectively address, with ISPs needing to employ protective steps to maintain its quality of network connectivity.”

Rise of “invisible killer” attacks

Such heavy reliance on online services has given rise to a trend of attacks meant to overwhelm ISPs. In addition to traditional DDoS attacks, Nexusguard researchers identified various abnormal traffic patterns, including small-sized, short attacks dubbed “invisible killers.” These types of attacks are often willfully ignored by ISPs, which gives the invisible anomalies access to website and online services networks to wreak havoc.

“We believe that the ‘invisible killer’ trend will not go away anytime soon, and should not be dismissed at the risk of Internet network infrastructures suffering a deluge of attacks. ISPs play a key role in preventing and mitigating attacks in the long run, protecting their own networks and customer networks from either ‘invisible killer’ or traditional attacks. Steps must be taken to address and manage suspicious traffic, safeguarding the connectivity and service uptime of customer networks from the threats of DDoS attacks,” opined Chong.

The single-vector approach resurfaces

The report has also revealed that bits-and-pieces attacks continue to infiltrate traditional threshold-based detection. These forms of attacks are a result of drip-feeding doses of junk traffic into a large IP pool, ultimately clogging the targeted infrastructure when small bits of attacks accumulate from various source IPs. Furthermore, 90% of attacks employed also used a single-vector approach, which is a shift from the popularity of multi-vector attacks in the past.

As DDoS attacks become more sophisticated and harder to stop, exacerbated by the global collective changes in lifestyles due to the pandemic, security policies and practises need to be addressed near future.

ISPs will have to adapt to and address the new attack methods birthed from the pandemic, and look towards mitigating and managing disruptions emanating from widespread DDoS attacks, the report asserted.