Average bandwidth of DDoS attacks increasing, APIs and applications under attack
The volume and complexity of attacks continued to grow in the first quarter of 2020, according to Link11.
There has been an increasing number of high-volume attacks in Q1 2020, with 51 attacks over 50 Gbps. The average bandwidth of attacks also rose, reaching 5,0 Gbps versus 4,3 Gbps in the same quarter in 2019.
Key findings
- Maximum bandwidth nearly doubles: In Q1 2020, the maximum bandwidth nearly doubled in comparison to the previous year; the biggest attack stopped was 406 Gbps. In Q1 2019 the maximum bandwidth peaked at 224 Gbps.
- Complex multi-vector attacks rising: The share of multi-vector attacks rose to 64% in Q1 2020 up from 47% in Q1 2019. 66% of all multi-vector attacks combined 2 – 3 vectors. More importantly, there were 19 attacks that used 10 or more different DDoS vectors, compared to no reported attacks of this scale in 2019.
- Most frequently misused DDoS vectors: The most frequently used DDoS vectors in Q1 2020 were DNS Reflection, CLDAP, NTP and WS-Discovery.
- DDoS attackers increasingly abuse public cloud services: Nearly the half of all DDoS attacks (47%) in Q1 2020 used public cloud server-based botnets, compared to 31% in the previous year.
- APIs and applications under attack: As companies build new applications and services from multiple sources using APIs, they are becoming increasingly vulnerable to Layer 7 attacks, which are typically ‘low and slow’ compared to network layer attacks.
Marc Wilczek, COO of Link11 said: “The threat landscape is changing as a result of the COVID-19 outbreak. With more people working remotely, there is a greater emphasis on virtual networks which need to be accessible from multiple locations.
“This is creating the perfect scenario for DDoS attackers to overwhelm networks and cause serious disruption. To address this, organizations need to be more proactive in their approach to DDoS protection, in order to respond to these ever-evolving threats.”