Hackers are hitting European businesses with an increasing number of attacks meant to disrupt their operations, according to new data from DDoS protection experts. Both the volume and the complexity of the attacks is growing, and over half used multiple attack vectors.
According to Link11’s Security Operations Center, 13,910 DDoS attacks were registered in Europe in Q4 (12.7% down compared to Q3), with the average attack volume growing by 8.7% to 5Gbps. The average attack volume grew 194% in 12 months, or triple the 1.7Gbps average seen in Q4 2017.
Notably, 59% of the attacks used multiple vectors to increase the success rate (compared with 45% in Q4 2017). Up to nine vectors were used in the most complex attacks, and the most common reflection amplification vectors were CLDAP, DNS reflection and SSDP, researchers said.
Creating increasingly powerful botnets, attackers leveraged cloud servers, hijacked IoT products and embedded devices. Attacks were most commonly registered on weekends, with the operators targeting organizations most frequently between 4 pm and midnight Central European Time. The lowest volumes were recorded between 6 am and 10 am CET.
Hyper-scale attacks are here to stay. Link 11 researchers registered 13 attacks with volumes over 80Gbps, with the biggest one reaching 173.5 Gbps, more than double the volume of the biggest attack recorded at the end of 2017.
Despite the shutdown of the Webstresser DDoS-for-hire service last year, DDoS operators have continued to hone their skills. Since 2016, almost all major studies analyzing the phenomenon have unearthed nearly identical findings. In June 2018, one such report revealed that DNS amplification attacks worldwide had increased a staggering 700% since 2016.