Attacks in April, May and June 2020 more than double compared with Q2 2019, and attacks using public cloud infrastructure increase

The first reflection amplification vectors occurred in 2013 and involved DNS and NTP. Since then, the spectrum of vectors has become far greater. Currently, there are over 20 techniques.

Average bandwidth of attacks increasing and share of multivector attacks rose to 64%.

DDoS flooding attacks against big name brands have made media headlines for more than two decades. However, many bot attacks aren’t flooding attacks at all. These attacks pose a huge threat to organizations and website owners… but few are aware of the risks.

In 2019, we could clearly see that various countries, as well as organizations across different industries and of all sizes, were hit by DDoS attacks. Attackers managed to find a way to take down the IT systems of organizations that were not vigilant enough. This infographic provides a quick summary of some of the most notable DDoS attacks that occurred over the past 12 months.

Report reveals a rising number of multivector and cloud computing attacks over the last twelve months. There was also a number of new amplification vectors like WS–Discovery, Apple Remote Management Service and an increase in ‘carpet bombing’ attacks.

The experts from the Link11 Security Operation Center (LSOC) take a look back at the most important DDoS attacks in 2019 and summarize which new developments could be detected on the attacker side. In addition, the IT security specialists draw conclusions for the threat situation in the coming 12 months.

High bandwidth and complex DDoS attacks continued unchanged in the third quarter of 2019. Every second attack saw the attackers combining several attack vectors and driving up the attack volumes with reflection amplification techniques. Apart from volume attacks, the assailants concentrated on attacks with low bandwidths that made up for this by containing all the more packages. 

A new attack vector was identified in the first half of 2019. Attackers have been abusing the Web Services Discovery (WS-Discovery, WS-DD or WSD) protocol since the middle of the year.* Attackers constantly identify new vulnerabilities and open services that can be misused for overload attacks.

Since mid-October 2019, companies in the payment, entertainment and retail sectors have been receiving DDoS extortion and blackmail emails which claim to come from the Fancy Bear cyber espionage group. Link11 is warning organizations about the DDoS attacks launched by these perpetrators, which primarily target the Origin infrastructure of the companies.