News

27.5.2021 Np

  • The first half of Q1 was characterized by large attacks on finance and a continuation of the 2020 ransom DDoS campaign.
  • To overcome the pandemic, organizations began relying on remote operations and teleworking. DDoS actors found new opportunities in targeting the internet connectivity of organizations and their branches to impact the organizations’ productivity. With limited bandwidth, attackers can achieve more impact and disrupt a branch or an organization’s operations.
  • Attacking the public assets of organizations provides increased visibility. Public-facing assets remained an essential target throughout Q1 of 2021.
  • Hybrid DDoS mitigation observations:
    • On-premise detection and mitigation will fail to prevent 15% of the attacks.
    • If the latency introduced by cloud protection is a concern, 85% of the attacks can be mitigated by on-premise equipment.
  • HTTPS and DNS are the two dominant targets. This should not come as a surprise, given that the majority of internet services run on top of HTTPS and depend on DNS. They might leapfrog each other from quarter to quarter, and they might be overtaken by some other application in a specific quarter, but over the longer term they come out on top, side by side.
  • Attack protocol volumes are consistently dominated by UDP. By the nature of the attacks, UDP accounts for much more volume than TCP. UDP is used to saturate internet links with volumetric attacks, and as a consequence the average packet size of UDP attacks comes close to the maximum the internet allows. TCP attacks, on the other hand, are mostly used to exhaust state on services, or to send a very high rate of packets in an attempt to overrun network equipment or shut down internet connections by packet rate rather than by volume. Typically the packet rate of TCP attacks is higher than that of UDP attacks, but the average packet size is much smaller.
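
The UDP and TCP profiles described in the last point show up differently in monitoring, so a defender has to watch both bits per second and packets per second. The following is an added example, not part of the original report: the flow records, the link and device capacities, and the 80% alert threshold are all constructed assumptions.

```python
from collections import defaultdict

# Assumed capacities for illustration (not taken from the report).
LINK_BPS = 1_000_000_000   # 1 Gbit/s internet link
DEVICE_PPS = 500_000       # packets/s the edge device can process
ALERT_UTIL = 0.8           # assumed alerting threshold (80% utilization)

# Constructed flow records for one 10-second window: (protocol, packets, bytes)
WINDOW_SECONDS = 10
FLOWS = [
    ("udp", 450_000, 630_000_000),    # large datagrams, 1400 bytes each
    ("udp", 400_000, 560_000_000),
    ("tcp", 3_000_000, 180_000_000),  # small packets, 60 bytes each
    ("tcp", 3_500_000, 210_000_000),
]

def summarize(flows, seconds):
    """Aggregate flows per protocol into bps, pps and average packet size."""
    totals = defaultdict(lambda: [0, 0])
    for proto, packets, nbytes in flows:
        totals[proto][0] += packets
        totals[proto][1] += nbytes
    return {
        proto: {
            "bps": nbytes * 8 / seconds,
            "pps": packets / seconds,
            "avg_packet_bytes": nbytes / packets,
        }
        for proto, (packets, nbytes) in totals.items()
    }

def pressure(stats, link_bps=LINK_BPS, device_pps=DEVICE_PPS):
    """Name the resource this traffic stresses: link bandwidth or packet rate."""
    link_util = stats["bps"] / link_bps
    pps_util = stats["pps"] / device_pps
    if max(link_util, pps_util) < ALERT_UTIL:
        return "normal"
    return "bandwidth" if link_util >= pps_util else "packet-rate"

if __name__ == "__main__":
    for proto, stats in summarize(FLOWS, WINDOW_SECONDS).items():
        print(proto, stats, "->", pressure(stats))
```

With these constructed numbers the TCP traffic uses under a third of the link yet exceeds the device's packet budget, which a bandwidth-only alert would miss.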