Based on Lumen’s latest report detailing Distributed Denial of Service (DDoS) mitigations in Q1 2023, 85% of the largest 1,000 DDoS attacks that the company mitigated targeted the telecommunications industry. In addition, more than 700,000 of the application requests blocked targeted telecom customers.
Moreover, 26% of all single-vector attacks in the first quarter utilized DNS amplification – a 417% increase over the same quarter last year. Of these, a sophisticated form of DNS amplification known as a "DNS water torture attack" was the most common.
"The pace at which companies and other organizations have been expanding their digital footprints has increased over the past few years," said Peter Brecl, Lumen's director of product management for DDoS mitigation and application protection. "The larger attack surface creates more opportunities for threat actors to launch attacks. The only way to protect that digital presence is to deploy a holistic solution that includes network protection, application-layer protection, and application acceleration capabilities. This type of comprehensive coverage – including DDoS mitigation, API protections, Web Application Firewalls and Bot Risk Management – helps ensure that critical business functions stay up and running – even when under an active attack."
In Q1, Lumen also mitigated an attack that utilized six different vectors including DNS Amplification, ICMP, TCP RST, TCP SYN/ACK Amplification and UDP amplification. Because each vector targets specific ports, protocols and systems, these complex attacks are significantly more difficult to mitigate.
Out of the 25 billion application requests blocked in Q1, representing 42% of customers' traffic, more than 30% came from bots. This volume underscores the need for real-time API and application protection and tightly integrated bot mitigations solutions as part of a comprehensive security strategy.
Lumen researchers theorize that attackers focus their efforts on or around holidays because staffing levels are typically lower.