The number of smaller and more concentrated DDoS attacks (distributed denial-of-service) has increased in Q3 2019, highlighting a new trend that seems to be gaining momentum, according to research from online risk analytics firm Neustar.
While the volume of DDoS attacks shows steady growth, the latest data from the Sterling, Virginia-based firm indicates that attackers are investing more time and effort in smaller, targeted strikes. In Q3 2019, the number of small threats increased by 303% from the same quarter of last year while large-scale attacks increased by almost 200%.
The reasons smaller attacks are preferred has to do with other layers levied against organizations at the same time as DDoS waves. It might seem that flooding a company or business with Internet traffic is enough to cause them harm, but the attack doesn’t usually stop there. According to Neustar data, more than 86% of the attacks use at least two vectors, which means that bad actors wanted to more than just cripple the online presence, probably going after existing vulnerabilities.
“The increase in small-scale attacks has led to a decrease in the average attack size, from 10.5 Gigabits per second (Gbps) in Q3 2018 to 7.6 Gbps in Q3 2019. Average intensity is also down, to 7.6 Million packets per second (Mpps) in Q3 2019, compared to 10.5 Mpps in Q3 2018,” says Neustar. “However, this quarter’s most intense attack, at 343 Mpps, was 24% higher than the most intense attack seen in the same period last year.”
Small scale attacks can pass undetected for days, degrading the user experience and affecting the targeted services. With multiple vectors of attack and ways to spoof the direction of the DDoS waves, responding can be challenging for organizations.
Also, the massive year-over-year increase in all types of DDoS attacks means more organizations are reporting any incidents. 59% of the respondents in the survey admitted they were on the end of a DDoS attack, up from 46% from last year’s survey.