We’re now in the “terabit era” for DDoS attacks

13 August 2018

The frequency of global DDoS attacks during the first half of 2017 compared to the first half of 2018.

The frequency of global DDoS attacks during the first half of 2017 compared to the first half of 2018.

Distributed Denial of Service entered the “terabit attack era” in 2018, according to Netscout’s latest Threat Intelligence Report.

The study revealed that In the first half of 2018, there were 47 DDoS attacks greater than 300Gbps globally, versus only seven during the same period in 2017. 

Asia Pacific was heavily targeted, with 35 attacks greater than 300Gbps versus only five during the same period in 2017.

Earlier this year in March, Netscout subsidiary Akamai mitigated a 1.7Tbps reflection/amplification attack targeted at a customer of a US-based service provider. 

The company said this was the largest DDoS attack so far recorded, and was based on the same memcached vector that made up a 1.3Tbps DDoS attack against Github at the end of February.  

The previous record was 650Gbps towards a target in Brazil during the summer of 2016.

As well as DDoS attack campaigns, Netscout’s Intelligence Report covers the latest trends and activities from nation-state advanced persistent threat (APT) groups, and crimeware operations.

It is based on Arbor’s analysis of globally scoped internet threat intelligence provided by ATLAS.

Netscout says ATLAS is a collaborative project with hundreds of service provider customers who have agreed to share anonymous traffic data that equate to around one-third of all internet traffic. 

The report also found that state-sponsored activity has developed to the point where campaigns and frameworks are discovered regularly for a broad tier of nations. 

It said nation-state APT groups are also using internet-scale intrusions such as NotPetyaCCleanerVPNFilter for targeted, highly selective campaigns.

Crimeware actors are also said to be diversifying their attack methods.

Inspired by 2017’s WannaCry attack, Netscout said major  crimeware  groups are adopting self-propagation methods that allows their malware to spread faster and more easily.

They are also increasingly focused on cryptocurrency mining.