SINGAPORE - Small bit-and-piece DDoS attacks (distributed denial of service) boomed by 233% in the first half of 2021, revealed Nexusguard researchers in the Threat Report FHY 2021. As the pandemic carried on into 2021, hackers experimented with new attack patterns to avoid signature-based detection. In the first half of 2021, more than 99% of all DDoS attacks were smaller than 10Gbps, as Nexusguard had predicted in 2020. These small, nimble attacks can cripple communications service providers (CSPs) and Internet service providers (ISPs) if they leave detection to threshold or signature-based methods alone. Attackers are continuing to diversify their approaches with bit-and-piece attacks to bring down target networks and infrastructures.

More than 95% of attacks were smaller than 1Gbps each, of which Nexusguard analysts believe a majority were launched using readily available and inexpensive DDoS-for-hire services. Rather than launching large bandwidth attacks against their targets, researchers noted that perpetrators chose to employ attacks using high packet-rate loads of small-sized traffic from DDoS-for-hire services, with the aim of evading DDoS mitigation detection systems.

“The high level of intricacies behind communications service provider networks causes them to generally allow all types of traffic to pass through, which leads to smaller or spoofed types of attacks to strike undetected,” said Juniman Kasman, chief technology officer of Nexusguard. “Behavioral detection and mitigation approaches are strongly recommended for targeted networks since they can compare peacetime with battles and take a wider range of factors into consideration than anomalous thresholds or attack signatures.”

Traffic spoofing and UDP-style attacks were popular in the first half of the year, with an 84% increase in UDP attacks compared to the previous six months. Nexusguard observed several types of UDP attacks in use, one of which can cause “Black Storm” attacks theorized in recent research. Nexusguard researchers witnessed several service providers bear the brunt of DDoS attacks, including China Telecom, China Unicom, Vodafone Türkiye, Türk Telekom, Turkcell İletişim Hizmetleri A.S. receiving the highest concentrations of malicious traffic. Nexusguard advises CSPs to use deep learning-based detection methods, which can help CSPs analyze huge amounts of data quickly and accurately while overcoming the inefficiencies inherent in threshold or signature-based methods.

Nexusguard’s TAP100 Program helps CSPs quickly launch anti-DDoS capabilities to protect customers. The TAP100 Program removes the hardware barriers associated with typical anti-DDoS service ramp-up, allowing CSP product teams and C-suites to capture new revenue opportunities and ensure superior customer service.

Read Nexusguard’s Threat Report FHY 2021 for more mitigation details based on data gathered from CSPs, honeypots, botnet scanning and research on traffic moving between attackers and their targets.

-Ends-

Distributed by African Media Agency (AMA) on behalf of NEXUSGUARD.

About Nexusguard

Founded in 2008, Nexusguard is a leading cloud-based distributed denial of service (DDoS) security solution provider fighting malicious internet attacks. Nexusguard ensures uninterrupted internet service, visibility, optimization and performance. Nexusguard is focused on developing and providing the best cybersecurity solution for every client across a range of industries with specific business and technical requirements. Nexusguard also enables communications service providers to deliver DDoS protection solution as a service. Nexusguard delivers on its promise to provide you with peace of mind by countering threats and ensuring maximum uptime.

Visit www.nexusguard.com for more information.

Contacts
Benjamin Yip
Nexusguard
Head of Marketing
Benjamin.Yip@Nexusguard.com
 

Send us your press releases to pressrelease.zawya@refinitiv.com

© Press Release 2021

Disclaimer: The contents of this press release was provided from an external third party provider. This website is not responsible for, and does not control, such external content. This content is provided on an “as is” and “as available” basis and has not been edited in any way. Neither this website nor our affiliates guarantee the accuracy of or endorse the views or opinions expressed in this press release.

The press release is provided for informational purposes only. The content does not provide tax, legal or investment advice or opinion regarding the suitability, value or profitability of any particular security, portfolio or investment strategy. Neither this website nor our affiliates shall be liable for any errors or inaccuracies in the content, or for any actions taken by you in reliance thereon. You expressly agree that your use of the information within this article is at your sole risk.

To the fullest extent permitted by applicable law, this website, its parent company, its subsidiaries, its affiliates and the respective shareholders, directors, officers, employees, agents, advertisers, content providers and licensors will not be liable (jointly or severally) to you for any direct, indirect, consequential, special, incidental, punitive or exemplary damages, including without limitation, lost profits, lost savings and lost revenues, whether in negligence, tort, contract or any other theory of liability, even if the parties have been advised of the possibility or could have foreseen any such damages.