New data has revealed that three fundamental metrics – quantity, size and complexity of DDoS attacks – all increased in the third quarter of 2021.
The Lumen Technologies Q3 DDoS Report found the frequency of DDoS attacks do not seem to be slowing down.
To compile these findings, the security team at Lumen analysed intelligence from Black Lotus Labs – the company's threat research arm – and attack trends from the Lumen DDoS Mitigation Service platform, which integrates countermeasures directly into the company's extensive and deeply peered global network.
The report founds the following DDoS attack trends:
- Lumen mitigated 35% more attacks in Q3 than in Q2.
- The largest bandwidth attack scrubbed in Q3 was 612 Gbps – a 49% increase over Q2 – and the largest packet rate-based attack scrubbed was 252 Mpps – a 91% increase.
- The longest DDoS attack period Lumen mitigated for an individual customer lasted 14 days.
- For the first time, 28% of multi-vector mitigations involved a complex combination of four different attack types, including DNS amplification, TCP RST, TCP SYN-ACK amplification and UDP amplification.
- Like Q2, the top two verticals targeted in the 500 largest attacks in Q3 were Telecom and Software/Technology; the Retail vertical, which did not make the top 3 in Q2, was the third most attacked industry in Q3.
Although Lumen observed a 26% decrease in unique C2s for Gafgyt and Mirai – two predominant IoT botnet families it continually monitors – the company observed more than 217,000 DDoS botnet hosts globally. This represents a 45% increase over Q2 and the most seen all year.
Lumen tracked more than 2,100 C2s globally. The countries with the most C2s were (in order): China, United States and, tied for third, Taiwan and the Netherlands.
"DDoS attacks are rampant, and the frequency doesn't seem to be slowing down," says Mark Dehus, Lumen director of information security and threat intelligence.
"If anything, attacks are evolving to use more complex methods, and are being aimed at services such as voice that have not typically been targets in recent years," he says.
"At Lumen, we partner with industry trust groups to track attacks back to their original sources and proactively block nefarious traffic whenever possible. We want businesses to join the fight to protect themselves," Dehus says.
"First, have a solid strategy in place to address all potential security issues. Second, work with an established DDoS mitigation partner – particularly one that has an ability to track DDoS botnets and find new sources before they launch an attack.
"Also look for a provider that offers application security services like Web Application Firewall and Botnet Management," he adds.
"And finally, if you find yourself under attack, look for a solution like Lumen DDoS Hyper, which enables you to turn up service in about 15 minutes and be in a position to enable mitigation."
Attack sizes in the Lumen Q3 DDoS Report convey the largest attacks scrubbed by Lumen global DDoS scrubbing infrastructure, rather than the largest attacks observed transiting or being scrubbed by the Lumen network.