Arelion’s global Internet backbone, AS1299, is the source for the network data on the constantly evolving DDoS threat landscape, and the impact it is having on the wider Internet.
According to the DDoS Threat Landscape Report 2024, the big attacks just got bigger. Peak attacks reached 960 Gbps in 2023 from a UDP-based attack in Europe, demonstrating the continued importance of volumetric protection. At 343 Mpps, the largest pps attack came from a multi-vector TCP SYN, SSDP Amplification attack in North America.
Although there has been a global decrease in large volumetric DDoS attacks, they have increased at a national level.
Commenting on the report, Mattias Fridström, Chief Evangelist at Arelion, said, “Larger, more intensive attacks over slightly shorter periods ultimately cause the same damage overall, and with improved DNS amplification, fewer packets-per-second are needed for an effective attack, which is one less thing that could trip the existing defenses of an organization.”
From the data observed by Arelion, it appears that the average attack duration is being dragged down by unsuccessful attacks being called off more quickly, with the resources reassigned to alternate, unprotected targets. This reaffirms the notion that some DDoS protection is better than none at all.
“As such, the need for a basic level of customer protection to mitigate the abundant smaller attacks, together with a solid insurance policy for the larger ones is as great as ever. Arelion, with its key role in the global Internet community, continues to work on this kind of ‘passive DDoS protection’ – an important tool in the war of attrition against malicious DDoS traffic,” Fridström explained.
New Battlegrounds and Attack Patterns
Here are some other key insights and trends stated within Arelion’s DDoS Threat Landscape Report 2024:
- DNS Amplification was the most common type of attack in 2023, constituting 80% of all attacks by the end of the year
- The most common attack vector in 2023 was UDP over HTTP (port 80) and HTTPS (port 443)
- QUIC accounts for a large proportion of Chrome traffic and is UDP based
- Compromised or acquired virtual machines (VMs) and virtual private servers (VPS), along with so-called ‘bulletproof hosting’ suppliers, are the next big battlegrounds
- DNS Water Torture attacks against Arelion’s customers were on the rise in Q1 and Q2 2023
- DDoS attacks continue to evolve towards direct path attacks sourced directly from botnets, leading to more non-spoofing attack traffic such as TCP SYN or SYN/ACK attacks, which are often smaller in volume but of higher intensity (packets-per-second)
- A new type of DDoS attack based on HTTP/2 was widely used to bring down websites
- Cyber warfare is now an established part of nation state conflict and is not limited to just governmental assets, making resilient cyber-defences a must
Geographical Perspective
Based on the overview of attack distribution in Arelion’s global IP backbone, Panama, Poland, and the United States are among the top attacked countries.
According to the report, Panama is heavily targeted, possibly because of the high level of DDoS activity associated with the extensive offshore banking industry in the country. The US’s position, on the other hand, is a consequence of the sheer scale of its IT infrastructure – more servers mean more DDoS attacks.