Skip to main content

DDoS attacks rose significantly this year

(Image credit: Image Credit: Profit_Image / Shutterstock)

The number of distributed denial of service (DDoS) attacks rose by 151 percent in the first half of the year, compared to the same period last year,  according to a report from cybersecurity firm Neustar.

The company’s Security Operations Center (SOC) said that, during this time, it mitigated the largest and longest attacks ever recorded.

The firm recorded a 2.3 Tbps attack against an Amazon Web Services client in February, which was the largest volumetric DDoS attack on record. The longest, meanwhile, lasted for five days and 18 hours.

The number of 100+ Gbps attacks grew by 275 percent, while the number of small attacks (5 Gbps and less) grew by more than 200 percent. Overall, 5 Gbps and smaller attacks account for 70 percent of all attacks mitigated by Neustar in H1 2020.

The total number of attacks, meanwhile, rose by more than 2.5 times in the first half of the year, compared to the same period last year.

More than half of the mitigated threats leveraged three or more vectors, which Neustar claims is a clear indication that attacks are becoming more sophisticated. Allegedly, single-vector attacks are “essentially nonexistent”.

Cybercriminals are also using new amplification methods and attacks of higher intensity as they target critical web infrastructure.

“While large volumetric attacks capture attention and headlines, bad actors increasingly recognize the value of striking at low enough volume to bypass the traffic thresholds that would trigger mitigation to degrade performance or precision target vulnerable infrastructure like a VPN,” said Michael Kaczmarek, Neustar's Vice President of Security Products.

“These shifts put every organization with an internet presence at risk of a DDoS attack – a threat that is particularly critical with global workforces reliant on VPNs for remote login. VPN servers are often left vulnerable, making it simple for cybercriminals to take an entire workforce offline with a targeted DDoS attack."