The Nexusguard “Q4 2018 Threat Report” revealed that the FBI’s shutdown of the 15 largest distributed denial-of-service (DDoS)-for-hire vendors (“booters”) reduced the overall number of attacks worldwide by nearly 11 percent compared to the same period last year.
Q4 2018 Threat Report
Thanks to the FBI’s shutdown in December 2018 of 15 of the world’s biggest “booters” (DDoS-for-hire
websites, web-based services that let customers launch distributed denial-of-service attacks against
sites on demand), the number of attacks and the maximum and average attack sizes decreased by
10.99%, 23.91%, and 85.36%, respectively, year-over-year (YoY).
Conversely, due to the continued exploitation of the “Bit-and-Piece” technique carried over from the
previous quarter, the number of attacks and the maximum and average attack sizes increased by
36.08%, 49.15%, and 3.75%, respectively, quarter-on-quarter (QoQ). Widely adopted in Q3 2018, the
“Bit-and-Piece” tactic avoids detection by contaminating legitimate traffic across hundreds of IP
prefixes with small-sized junk.
Q4 2018 also saw conventional attacks like UDP, TCP SYN, and ICMP drop significantly on a YoY
basis. However, SSDP Amplification attacks — the most popular “Bit-and-Piece” attack vector —
increased by 3,122.22% YoY and 91.21% QoQ. Moreover, attackers were more persistent than before,
as evidenced by a month-long attack case in which the target was hit by as many as 13 attacks a day
for 28.95 minutes and 1493.93 minutes throughout most days of December.
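
The detection gap that “Bit-and-Piece” relies on can be shown with a short added example (not part of the Nexusguard report): SSDP reply traffic that stays under a per-prefix threshold on every /24 still crosses a threshold once it is summed across all prefixes. The flow records, address ranges and both thresholds are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

SSDP_PORT = 1900               # UDP source port of SSDP reflector replies
WINDOW_S = 60                  # measurement window in seconds
PER_PREFIX_BPS = 50_000_000    # assumed per-/24 alert threshold
AGGREGATE_BPS = 1_000_000_000  # assumed network-wide SSDP threshold

def build_sample_flows(prefixes=300):
    """Constructed flow summaries: (dst_ip, proto, src_port, bytes in window)."""
    flows = []
    for i in range(prefixes):
        dst = f"10.{i // 256}.{i % 256}.10"                # one host in each /24
        flows.append((dst, "tcp", 443, 100_000_000))       # legitimate traffic
        flows.append((dst, "udp", SSDP_PORT, 30_000_000))  # small junk share
    return flows

def ssdp_bps_by_prefix(flows, prefix_len=24):
    """Sum SSDP reply traffic per destination prefix, in bits per second."""
    totals = defaultdict(int)
    for dst, proto, sport, nbytes in flows:
        if proto == "udp" and sport == SSDP_PORT:
            net = ipaddress.ip_network(f"{dst}/{prefix_len}", strict=False)
            totals[net] += nbytes
    return {net: b * 8 // WINDOW_S for net, b in totals.items()}

def per_prefix_alerts(rates):
    """Prefixes whose own SSDP rate crosses the per-prefix threshold."""
    return sorted(str(n) for n, bps in rates.items() if bps >= PER_PREFIX_BPS)

def aggregate_alert(rates):
    """Total SSDP rate across all prefixes and whether it crosses the threshold."""
    total = sum(rates.values())
    return total, total >= AGGREGATE_BPS

if __name__ == "__main__":
    rates = ssdp_bps_by_prefix(build_sample_flows())
    total, fired = aggregate_alert(rates)
    print(f"prefixes carrying SSDP: {len(rates)}")
    print(f"per-prefix alerts: {per_prefix_alerts(rates)}")
    print(f"aggregate SSDP: {total / 1e6:.0f} Mbit/s, alert={fired}")
```

In practice the aggregation key would be whatever groups the protected prefixes together, such as a customer or an ASN, rather than every flow seen in the window.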