In addition to traditional DDoS attacks, researchers see various abnormal traffic patterns
In the first quarter of 2020, DDoS attacks rose more than 278% compared to Q1 2019, and more than 542% compared to the previous quarter, according to the Nexusguard Q1 2020 Threat Report. DDoS attacks have become a global risk, and as attacks continue to increase in complexity, further spurred by the pandemic, ISPs will have to strengthen their security measures.
Undetectable and abnormal traffic patterns
While DDoS attacks disrupt service for large companies and individuals alike, ISPs face increasing challenges to curb undetectable and abnormal traffic patterns before they evolve into uncontrollable reflection attacks.
Although the first quarter is generally considered the “off season” for DDoS attacks, researchers attribute the surge in incidents to malicious efforts during the COVID-19 pandemic, as consumers have become dependent on online services and working from home has become the new normal in an effort to prevent the spread of the virus.
“With remote working becoming the new standard and emphasis on home internet connectivity at an all-time high, proper security measures to mitigate these attacks have never been more important for ISPs. DDoS attacks, be they outgoing or incoming, are a threat to this new working standard that no home users will be able to effectively address, with ISPs needing to employ protective steps to maintain their quality of network connectivity,” said Donny Chong, Product Director for Nexusguard.
ISPs under attack
Such heavy reliance on online services has given rise to a trend of attacks meant to overwhelm ISPs. In addition to traditional DDoS attacks, Nexusguard researchers identified various abnormal traffic patterns, including small-sized, short attacks dubbed “invisible killers.” These types of attacks are often wilfully ignored by ISPs, which lets the anomalies reach the networks of websites and online services and wreak havoc.
“We believe that the ‘invisible killer’ trend will not go away anytime soon, and should not be dismissed at the risk of Internet network infrastructures suffering a deluge of attacks. ISPs play a key role in preventing and mitigating attacks in the long run, protecting their own networks and customer networks from either ‘invisible killer’ or traditional attacks. Steps must be taken to address and manage suspicious traffic, safeguarding the connectivity and service uptime of customer networks from the threats of DDoS attacks,” said Donny Chong.
Bits-and-pieces attacks
The report findings also revealed that bits-and-pieces attacks continue to slip past traditional threshold-based detection. These attacks drip-feed small doses of junk traffic into a large IP pool; each dose is too small to stand out on its own, but the small bits from various source IPs accumulate and ultimately clog the targeted infrastructure.
Furthermore, 90% of attacks used a single-vector approach, which is a shift from the popularity of multi-vector attacks in the past.
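The bits-and-pieces evasion described above can be seen by running the same traffic through a per-destination threshold and through a per-prefix aggregate. This is an added example, not code from the Nexusguard report. The flow records, both thresholds and the /24 aggregation are constructed assumptions, and the "IP pool" is taken to be the victim's destination address range.

```python
from collections import defaultdict
from ipaddress import ip_network

PER_IP_LIMIT = 1_000_000      # assumed per-destination alert threshold, bytes/minute
PER_PREFIX_LIMIT = 5_000_000  # assumed per-prefix alert threshold, bytes/minute
PREFIX_LEN = 24               # assumed aggregation granularity

def build_sample_flows():
    """Constructed one-minute flow summary: (source IP, destination IP, bytes).

    200 sources each send a 40 kB trickle to a different host in
    203.0.113.0/24 (documentation address range)."""
    flows = [(f"198.51.100.{i + 1}", f"203.0.113.{i + 1}", 40_000)
             for i in range(200)]
    # One ordinary busy host in another prefix, for contrast.
    flows.append(("192.0.2.10", "192.0.2.200", 600_000))
    return flows

def per_ip_alerts(flows, limit=PER_IP_LIMIT):
    """Classic threshold detection: alert when one destination IP exceeds the limit."""
    totals = defaultdict(int)
    for _src, dst, nbytes in flows:
        totals[dst] += nbytes
    return sorted(dst for dst, total in totals.items() if total > limit)

def per_prefix_alerts(flows, limit=PER_PREFIX_LIMIT, prefix_len=PREFIX_LEN):
    """Aggregate by destination prefix so many small trickles add up.

    Returns {prefix: (total bytes, distinct source count)} for prefixes over the limit."""
    totals = defaultdict(int)
    sources = defaultdict(set)
    for src, dst, nbytes in flows:
        net = ip_network(f"{dst}/{prefix_len}", strict=False)
        totals[net] += nbytes
        sources[net].add(src)
    return {str(net): (total, len(sources[net]))
            for net, total in totals.items() if total > limit}

if __name__ == "__main__":
    flows = build_sample_flows()
    print("per-IP alerts:    ", per_ip_alerts(flows))
    print("per-prefix alerts:", per_prefix_alerts(flows))
```

No single destination crosses the per-IP limit, so the first detector stays silent, while the aggregate view flags the whole prefix along with the number of distinct sources feeding it.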
As DDoS attacks become more sophisticated and harder to stop, exacerbated by our collective change in lifestyle due to the pandemic, security policies and practices need to be addressed for the post-COVID-19 world. ISPs will have to adapt to and address the new attack methods birthed from the pandemic, and look towards mitigating and managing disruptions emanating from widespread DDoS attacks.