Link11 Releases DDoS Report: More than 290 Attacks per Day in Central Europe

© ElevenPictures/ Link11

The Link11 Security Operation Center (LSOC) registered 26,945 attacks in the 3rd quarter of 2017, making it an increase of 48.8% compared to the 2nd quarter. That is 293 daily attacks on average targeting organizations in Central Europe.

The new report offers in-depth insights into the current DDoS threat situation in Central Europe. Among the key findings from the report:

• The LSOC defended a peaking 26,945 attacks between July and September.
• 16,108 of the nearly 27,000 attacks in the 3rd quarter occurred in July alone.
• The LSOC repelled 48.8% more attacks in the third than in the second quarter.
• There were 12 attacks during Q2 and Q3 peaking at over 50 Gbps.
• The largest bandwidth throughout both quarters was registered during an attack with 83.1 Gbps.

The distribution of DDoS attacks fluctuated over the 2nd and 3rd quarter. The strongest day in terms of DDoS was the 16th of July, which saw 717 attacks. On the calmer side, on the 15th of May the LSOC encountered only 30 attacks. DDoS attackers were particularly active on weekends. Every 3rd attack started on a Saturday (17.1%) or Sunday (15.5%).

Increasing duration of DDoS attacks

Like the number of attacks, the total attack duration has increased. From 1,353 hours in the 1st quarter, the total rose to 2,003 hours in the 2nd quarter and reached a record 5,021 hours in the 3rd quarter. At 371.0%, the total duration from the 1st to the 3rd quarter grew more strongly than the attack rate of 234.1%.

Rising Attack Bandwidths

The bandwidth record for both quarters was 83.1 Gbps. In the 11 additional major attacks, the volume was between 40 and 80 Gbps. The average attack power increased from 1.5 Gbps in Q2 to 1.9 Gbps in Q3 2017. This is more than enough to cripple the internet connection of most organizations without an appropriate DDoS protection. In 2016, only 34% of businesses in the European Union had a broadband connection of more than 30 Mbps.*

DDoS Vector CLDAP used more and more frequently

In the 2nd and 3rd quarters of 2017, the attack vector CLDAP stood out. CLDAP reflection amplification exploits the Connectionless Lightweight Directory Access Protocol (CLDAP) on port 389/UDP. Attacks of this kind are a daily occurrence in Central Europe. During the 3rd quarter, the total number of attacks with this vector amounted to 1,038 attacks. In the 2nd quarter, 658 attacks abused CLDAP. The first DDoS attack using CLDAP in Central Europe was detected by the LSOC on October 17, 2016.

You can download the full Link11 DDoS report with comprehensive data and detailed analyses on the Link11 website for the DDoS report.

*Statistisches Bundesamt (Federal Statistical Office): Schnelles Internet bei Unternehmen: Deutschland 2016 weiter im EU-Mittelfeld