
The Largest DDoS Attack of 2021 So Far

The largest attack the SOC team encountered over the past 15 months came in February 2021 and targeted a technology company that provides information security services for gaming and gambling organizations. The onslaught peaked at 500 Gbps, or half a terabit per second.

Threat actors, possibly disgruntled customers, threatened the victim with an imminent attack via text message. They claimed that if the victim did not pay a ransom, they would launch a DDoS campaign. While some threats and ransom demands are nothing more than a ruse, it is common for cybercriminals to demand payment in exchange for calling off the DDoS attack. In this case, the threat was real, and the attackers immediately launched a 4 Gbps SYN flood attack as a warning shot; within five days of this, the siege began. Beginning in early February and lasting almost the entire month, attack after attack kept coming, with the threat actors adding more and more vectors. Eventually, the attacks peaked at 500 Gbps and included a multivectored barrage of volumetric UDP, LDAP reflection, DNS reflection, NTP reflection, and UDP fragmentation attacks.
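To make the multivector picture above concrete, here is an added example (not code from the report or from F5) that classifies constructed NetFlow-style flow records into the same vector names the campaign used (SYN flood, LDAP/DNS/NTP reflection, UDP fragmentation, volumetric UDP) and finds the busiest second with its per-vector breakdown. The record fields, the one-second binning, and the assumption that reflected traffic carries the service port (53, 123, 389) as its source port are all simplifications made for this illustration.

```python
"""Classify DDoS flow records by attack vector and find the peak second.

Added example, not from the F5 report. Flow records are constructed
NetFlow-style dicts; the field names, the one-second binning and the
port-to-vector mapping are assumptions made for this illustration.
"""
from collections import defaultdict
from typing import Dict, List, Tuple

# UDP services commonly abused for reflection; the source port of the
# reflected traffic is the service port (assumption: no port rewriting).
REFLECTION_PORTS = {53: "DNS reflection", 123: "NTP reflection", 389: "LDAP reflection"}

# Constructed per-second flow bins: ts (s), proto, src/dst port, TCP flags,
# whether the UDP datagram is a fragment, and bytes observed in that second.
SAMPLE_FLOWS: List[dict] = [
    # Warning shot: SYN-only TCP segments, 5e8 bytes/s = 4 Gbps
    {"ts": 0, "proto": "tcp", "sport": 40000, "dport": 443, "flags": "S", "frag": False, "bytes": 500_000_000},
    # Main barrage: five vectors landing in the same second
    {"ts": 5, "proto": "udp", "sport": 389, "dport": 80, "flags": "", "frag": False, "bytes": 2_500_000_000},
    {"ts": 5, "proto": "udp", "sport": 53, "dport": 80, "flags": "", "frag": False, "bytes": 1_250_000_000},
    {"ts": 5, "proto": "udp", "sport": 123, "dport": 80, "flags": "", "frag": False, "bytes": 625_000_000},
    {"ts": 5, "proto": "udp", "sport": 40001, "dport": 80, "flags": "", "frag": False, "bytes": 375_000_000},
    {"ts": 5, "proto": "udp", "sport": 33333, "dport": 80, "flags": "", "frag": True, "bytes": 250_000_000},
    # Tail: residual DNS reflection plus ordinary established TCP traffic
    {"ts": 6, "proto": "udp", "sport": 53, "dport": 80, "flags": "", "frag": False, "bytes": 125_000_000},
    {"ts": 7, "proto": "tcp", "sport": 51000, "dport": 443, "flags": "A", "frag": False, "bytes": 2_000_000},
]


def classify_flow(flow: dict) -> str:
    """Map one flow record to the vector name used in the report."""
    if flow["proto"] == "tcp":
        return "SYN flood" if flow["flags"] == "S" else "other TCP"
    if flow["proto"] == "udp":
        if flow["sport"] in REFLECTION_PORTS:
            return REFLECTION_PORTS[flow["sport"]]
        if flow["frag"]:
            return "UDP fragmentation"
        return "volumetric UDP"
    return "other"


def bytes_to_gbps(nbytes: int) -> float:
    """Bytes seen in one second -> gigabits per second."""
    return nbytes * 8 / 1e9


def aggregate_by_second(flows: List[dict]) -> Dict[int, Dict[str, int]]:
    """ts -> {vector -> bytes} for every second with traffic."""
    bins: Dict[int, Dict[str, int]] = defaultdict(lambda: defaultdict(int))
    for f in flows:
        bins[f["ts"]][classify_flow(f)] += f["bytes"]
    return bins


def peak_second(flows: List[dict]) -> Tuple[int, float, Dict[str, float]]:
    """Return (ts, total Gbps, per-vector Gbps) for the busiest second."""
    bins = aggregate_by_second(flows)
    ts, vectors = max(bins.items(), key=lambda kv: sum(kv[1].values()))
    total = bytes_to_gbps(sum(vectors.values()))
    return ts, total, {v: bytes_to_gbps(b) for v, b in vectors.items()}


def vectors_over(flows: List[dict], threshold_gbps: float) -> List[str]:
    """Vector names that exceeded the threshold in at least one second."""
    hits = set()
    for vectors in aggregate_by_second(flows).values():
        for v, b in vectors.items():
            if bytes_to_gbps(b) > threshold_gbps:
                hits.add(v)
    return sorted(hits)


if __name__ == "__main__":
    ts, total, breakdown = peak_second(SAMPLE_FLOWS)
    print(f"peak at t={ts}s: {total:.1f} Gbps")
    for v, g in sorted(breakdown.items(), key=lambda kv: -kv[1]):
        print(f"  {v:<20} {g:5.1f} Gbps")
    print("vectors over 1 Gbps:", vectors_over(SAMPLE_FLOWS, 1.0))
```

In the sample data the 4 Gbps SYN flood shows up alone in the first second, while the peak second carries five vectors at once; breaking the peak down per vector is what tells a responder which mitigations (reflection source-port filtering, fragment dropping, SYN cookies) the upstream scrubbing provider needs to apply.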

Increasing DDoS Complexity

Web apps, served over HTTP and HTTPS, accounted for 17% of application attacks, though the majority, 83%, targeted DNS servers. Generally speaking, it can be extremely difficult to identify which requests to an application are genuine and which are malicious, since many organizations have no reliable way to tell requests from genuine users apart from those generated by malicious automated bots. It is no surprise, therefore, that we see more support calls placed to the F5 SIRT seeking assistance in dealing with application DDoS than any other DDoS type. Last year over 50% of all DDoS support cases were attributed to application DDoS (combining web, API, SSL/TLS, and DNS DDoS attacks). Thirty percent alone were for HTTP/HTTPS-based DDoS attacks (see Figure 6). When comparing this with the number of HTTP/HTTPS DDoS attacks shown in Figure 3, it is evident that detecting and blocking these attacks is disproportionately more difficult than blocking volumetric DDoS.
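The paragraph above states that separating genuine web requests from bot traffic is hard; the added example below (not code from the report or from F5) shows one reason in practice. It parses constructed Combined Log Format lines and runs two simple rate detectors: a per-source threshold, which catches a single noisy client, and a per-path aggregate threshold, which is what catches a distributed flood where each bot stays under the per-source limit. The IP addresses, paths and the 10 req/s and 50 req/s thresholds are assumptions chosen for the illustration.

```python
"""Two complementary request-rate detectors over web access logs.

Added example, not from the F5 report. Log lines are constructed in
Combined Log Format; the addresses, paths and the 10 req/s and
50 req/s thresholds are assumptions chosen for the illustration.
"""
import re
from collections import Counter
from datetime import datetime
from typing import Dict, List, Optional

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>\S+)" (?P<status>\d{3}) (?P<size>\d+|-)'
)


def parse_line(line: str) -> Optional[Dict]:
    """Parse one Combined Log Format line; None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    e = m.groupdict()
    # Bucket to whole seconds: the timestamp already has one-second resolution.
    e["ts"] = int(datetime.strptime(e["ts"], "%d/%b/%Y:%H:%M:%S %z").timestamp())
    return e


def _line(ip: str, ts: str, path: str) -> str:
    """Build one constructed log line for the sample data set."""
    return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 512 "-" "Mozilla/5.0"'


T0, T1 = "10/Feb/2021:12:00:00 +0000", "10/Feb/2021:12:00:01 +0000"
SAMPLE_LOG: List[str] = (
    # one genuine visitor fetching a page and its assets
    [_line("203.0.113.10", T0, p) for p in ("/", "/style.css", "/app.js")]
    # one noisy source hammering the login page: 25 requests in a second
    + [_line("198.51.100.5", T0, "/login") for _ in range(25)]
    # forty distributed bots, two requests each, all hitting the same API
    + [_line(f"192.0.2.{i}", T1, "/api/search") for i in range(1, 41) for _ in range(2)]
)
ENTRIES: List[Dict] = [e for e in map(parse_line, SAMPLE_LOG) if e]


def flag_ips(entries: List[Dict], max_rps: int = 10) -> List[str]:
    """Sources that exceeded max_rps in any single second."""
    per_ip_second = Counter((e["ip"], e["ts"]) for e in entries)
    return sorted({ip for (ip, _), n in per_ip_second.items() if n > max_rps})


def flag_paths(entries: List[Dict], max_rps: int = 50) -> List[str]:
    """Paths whose aggregate request rate exceeded max_rps in any second."""
    per_path_second = Counter((e["path"], e["ts"]) for e in entries)
    return sorted({p for (p, _), n in per_path_second.items() if n > max_rps})


if __name__ == "__main__":
    print("per-source flag:", flag_ips(ENTRIES))   # the single noisy client
    print("per-path flag:  ", flag_paths(ENTRIES))  # the distributed bots' target
```

Each detector alone misses half the picture: the per-source rule never sees the forty bots, and the per-path rule never sees the one flooder because 25 req/s against /login is below the aggregate threshold. Neither rule can say anything about a bot that requests a page once per minute, which is why application-layer DDoS defence in practice layers behavioural and client-fingerprinting signals on top of simple rate limits.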