Intelligent Tech Channels Issue 54 - Page 13

Application-layer DDoS attacks
• Application-layer DDoS attacks, specifically HTTP DDoS attacks, are attacks that usually aim to disrupt a web server by making it unable to process legitimate user requests. If a server is bombarded with more requests than it can process, the server will drop legitimate requests and – in some cases – crash, resulting in degraded performance or an outage for legitimate users
• 2022 Q1 was the busiest quarter in the past 12 months for application-layer attacks. HTTP-layer DDoS attacks increased by 164% YoY and 135% QoQ
• Diving deeper into the quarter, in March 2022 there were more HTTP DDoS attacks than in all of Q4 combined (and Q3, and Q1)
• After four consecutive quarters with China as the top source of HTTP DDoS attacks, the US stepped into the lead this quarter. HTTP DDoS attacks originating from the US increased by a staggering 6,777% QoQ and 2,225% YoY
• Globally, the consumer electronics industry was the most attacked with an increase of 5,086% QoQ. Second was the online media industry with a 2,131% increase in attacks QoQ. Third were computer software companies, with an increase of 76% QoQ. However, if we focus only on Ukraine and Russia, we can see that broadcast media, online media companies and Internet companies were the most targeted
Network-layer DDoS attacks
• While application-layer attacks target the application (Layer 7 of the OSI model) running the service that end users are trying to access (HTTP/S in our case), network-layer attacks aim to overwhelm network infrastructure (such as in-line routers and servers) and the Internet link itself
• Network-layer attacks in Q1 increased by 71% YoY but decreased 58% QoQ
• The number of network-layer DDoS attacks remained mostly consistent throughout the quarter, with about a third of attacks occurring every month
• The telecommunications industry was the most targeted by network-layer DDoS attacks, followed by gaming and gambling companies and the Information Technology and services industry
• The US was targeted by the highest percentage of DDoS attack traffic – over 10% of all attack packets and almost 8% of all attack bytes. Following the US are China, Canada and Singapore
• Volumetric attacks increased in Q1. Attacks above 10 Mpps (million packets per second) grew by over 300% QoQ, and attacks over 100 Gbps grew by 645% QoQ
• SYN floods remain the most popular DDoS attack vector, while use of generic UDP floods dropped significantly in Q1. In Q1, SYN floods accounted for 57% of all network-layer DDoS attacks, representing a 69% increase QoQ and a 13% increase YoY. In second place, attacks over SSDP surged by over 1,100% QoQ. Following were RST floods and attacks over UDP. Last quarter, generic UDP floods took second place, but this time generic UDP DDoS attacks plummeted by 87% QoQ, from 32% to a mere 3.9%
• Most attacks remain under one hour in duration, reiterating the need for automated always-on DDoS mitigation solutions. It’s recommended that companies use automated, always-on DDoS protection services that analyse traffic and apply real-time fingerprinting fast enough to block short-lived attacks
John Graham-Cumming, CTO, Cloudflare, said: “As a provider of industry-leading DDoS mitigation solutions, our company is privy to cybersecurity insights that we share with organisations across the globe to help them understand the evolving security landscape. This in turn assists them in putting together systems and measures to combat these threats more effectively.”