Report reveals a rising number of multivector and cloud computing attacks over the last twelve months. There was also a number of new amplification vectors like WS–Discovery, Apple Remote Management Service and an increase in ‘carpet bombing’ attacks.

The experts from the Link11 Security Operation Center (LSOC) take a look back at the most important DDoS attacks in 2019 and summarize which new developments could be detected on the attacker side. In addition, the IT security specialists draw conclusions for the threat situation in the coming 12 months.

High bandwidth and complex DDoS attacks continued unchanged in the third quarter of 2019. Every second attack saw the attackers combining several attack vectors and driving up the attack volumes with reflection amplification techniques. Apart from volume attacks, the assailants concentrated on attacks with low bandwidths that made up for this by containing all the more packages. 

A new attack vector was identified in the first half of 2019. Attackers have been abusing the Web Services Discovery (WS-Discovery, WS-DD or WSD) protocol since the middle of the year.* Attackers constantly identify new vulnerabilities and open services that can be misused for overload attacks.

Since mid-October 2019, companies in the payment, entertainment and retail sectors have been receiving DDoS extortion and blackmail emails which claim to come from the Fancy Bear cyber espionage group. Link11 is warning organizations about the DDoS attacks launched by these perpetrators, which primarily target the Origin infrastructure of the companies.

Link11, a leader in cloud-based anti-DDoS protection, has published its DDoS statistics for Q2 2019.  The data shows that the quarter saw a massive 97% year-on-year increase in average attack bandwidth, up from 3.3Gbps in Q2 2018 to 6.6Gbps in Q2 2019.  

The next few days will mark the anniversary of the first known case of a cyberattack method that continues to keep companies of all sizes and industries on their toes. On July 22, 1999, a computer of the University of Minnesota in the USA was attacked by a network of 114 other computers – on which the program Trin00 was running, which was later used time and again to launch DDoS attacks.

Since early May 2019, numerous data centers, ISPs and hosting providers in Italy have received extortion mails on behalf of the “Turkish hackers”. The cyber-criminals demand Bitcoins to stop large-scale DDoS attacks of more than 100 Gbps.

Europe continues to be a target for DDoS attacks, as the current DDoS attack figures from the Link11 Security Operation Center show. Link11 registered 11,177 DDoS attacks on targets in Europe in Q1 2019. These high attack volumes and the large number of different attack vectors pose significant challenges to companies that lack appropriate protection.

The implications of DDoS attacks have become increasingly severe in recent months. The consequences are no longer limited to online service outages in a few industries such as banking, hosting, mobility or eHealth, but can now paralyze an entire country, as the incidents in Cambodia have shown.