As DDoS attack tactics evolve, Communication Service Providers1 (CSP) at the ASN level are facing a new challenge posed by diffused and stealthy volumetric attacks designed to evade detection. The new tactic resembles the way Mongol troops executed battles some 700 years ago. Like the Mongols, today’s perpetrators thoroughly study the targeted landscape prior to mounting their attacks.
NexusGuard Q3 2018 Threat Report
The maximum attack size increased 139.84% YoY (Year-over-Year) to 118Gbps, but was down 67.13% QoQ (Quarter-on-Quarter). The average size decreased 81.97% YoY and 96.31% QoQ. As
threats eased off from last summer’s World Cup peak, total attacks decreased 45.25% YoY and 50.92% QoQ, respectively.
A new development: CSP (Communication Service Provider) networks — especially those at the ASN level — were hit by a stealthy, new volumetric attack whereby attackers contaminate legitimate traffic
across hundreds of IP prefixes (some 159 ASNs, spanning 527 Class C networks, based on our findings) with small-sized, junk in order to bypass detection. As a consequence, both maximum and average attack sizes decreased measurably YoY.
By attack vector, SSDP Flood attack counts increased most noticeably, growing more than six-fold
from the preceding quarter (more than 120% YoY). We believe the unconventional rise in SSDP
Amplification is a result of the new attack pattern targeting CSPs. This pattern also caused the
average attack size per IP to fall to only 0.972Gbps during Q3.