- Arbor Networks - DDoS Experts
UK in Focus
Sees a 62% Year Over Year Increase in DDoS Attacks
Based on a case study in our most recent blog, the observed global DDoS attack count (frequency), bandwidth (BPS), and throughput (PPS) all saw significant increases since the start of the global COVID-19 pandemic in mid-March. Focusing in at a country level – in this case, the UK – we see that attacks have changed significantly compared to previous years.
- Attacks destined to the United Kingdom increased 62% year-over-year, bandwidth spiked upwards 56%, and throughput increased by 43%.
- Since the global COVID-19 pandemic in early- to mid-March, the number of observed attacks increased month-over-month.
- The most common DDoS vector for attacks against the United Kingdom during this period was DNS Reflection/Amplification.
Our Advanced Threat Level Analysis System (ATLAS), which processes DDoS information from more than 300 large ISP networks worldwide, recorded more than 231.000 attacks against entities in the United Kingdom in 2020 from January 1st to May 31st (Figure 1). This is a 62% increase when compared with the same period in 2019, when we observed 143.000 attacks (Figure 2). Through the end of maggio 2020, we observed a constant growth in the overall DDoS attack rate as organizations continue to experience heightened levels of malicious traffic.
Most common DDoS attack vectors
Looking at specific DDoS attack vectors (Figure 3), we can see that the majority of observed attacks during this period were volumetric in nature. These attacks typically rely on relatively high rates of packets-per-second (pps) and/or bits-per-second (bps) in order to overwhelm targeted servers, services, applications, and network capacities. Observed targets ranged from individual IP addresses to larger network blocks via ‘carpet-bombing’ attack addressing techniques. For DDoS attacks in the United Kingdom during the period in question, DNS reflection/amplification were the most common; this is unsurprising, given the relatively large number of abusable open DNS recursors present on the Internet today.
In addition to DNS reflection/amplification attacks, we also observed approximately 20 different UDP-based DDoS attack vectors; CLDAP reflection/amplification attacks were the most prominent among them. The relative breakdown of commonly-observed DDoS attack vectors during this period in the UK was in line with trends globally.
Average attack bandwidth
In this graph, we can see that the average attack bandwidth in the UK so far this year has been right around 1gb/sec. While a single 1gb/sec attack may not sound significant in a world where attacks in the hundreds of gb/sec are commonplace, the reality is that most DDoS attacks are far larger than what is necessary to overwhelm their targets, and so these ‘smaller’ attacks are in fact operationally significant.
Further, looking at the aggregate numbers for observed DDoS attack bandwidth in total, the start of 2020 saw a significant 56% increase to 260.59tb/sec (Figure 4), as opposed to the 166.77tb/sec observed during the same interval in 2019 (Figure 5).
Maximum observed attack bandwidth
So far, the largest single DDoS attack we’ve observed in the UK this year is a 488gb/sec attack targeting an organization in the Telecommunications vertical (Figure 6). To put this into perspective, the largest DDoS attack we’ve observed to date worldwide is 1.7tb/sec; the largest attack we observed in the UK in all of 2019 was 352gb/sec, so this represents a 39% increase for the largest observed DDoS attack in the UK, year-over-year.
DDoS Attack Throughput
Another important we track is the throughput, or packets per second (pps) for DDoS attacks. Just as with the frequency and bandwidth noted above, the throughput for attacks destined for the United Kingdom also saw 47% increase in the aggregate total of pps from January 1st to May 31st (Figure 7) as compared to the same time period in 2019 (Figure 8).
We’re not yet halfway through 2020, and it is quite likely that the size and impact of DDoS attacks will continue to grow in scale. Comparing all of these charts side by side, it is apparent that the overall trend in attack volumes is increasing, and we anticipate that will continue through the rest of the year. Given that the largest observed attack this year to date preceded the full onset of the ongoing COVID-19 pandemic – and all the changes in online usage and behaviors that this has brought about – it is a reminder that organizations are exposed to an underlying, perpetual risk of a significant impact of DDoS attacks on their online presences and properties.
In addition to the analysis NETSCOUT uses for these metrics, we also make a visual representation of these attacks available to view and analyze on NETSCOUT’s Cyber Threat Horizon.
- Attacks and DDoS Attacks
- Arbor Networks - DDoS Experts