
DDoS attacks bigger & more prevalent in Q2 2020 - Cloudflare report

13 Aug 2020

The mantra for distributed denial of service (DDoS) attack methods this year seems to be ‘bigger and more’ – or at least that’s what research from Cloudflare’s attack trends report for Q2 2020 seems to suggest.

Cloudflare detected double the amount of global L3/4 DDoS attacks compared to Q1, some of which were dubbed the biggest attacks ever recorded over its network.

The Q2 2020 quarter covered the period from 1 April to 1 June, when much of the world went into lockdown procedures to prevent further COVID-19 outbreaks.

In this quarter, Cloudflare’s DDoS protection Gatebot detected more attack vectors across more geographies – however its data centres in the United States were hit hardest, followed by Germany, Canada, Great Britain, Australia, Brazil, Thailand, France, Japan, and Russia. Cloudflare has data centres in more than 200 cities worldwide.

Cloudflare states it also recorded the ‘biggest ever’ attacks – 88% of all large (100 Gbps) attacks this year were launched after the lockdown period in March. Most of these large attacks sent around 200 million packets per second (pps).

Further, 51.5% of all attacks remained under 1 Gbps, while 38.3% hit between 1-10 Gbps, 7.8% hit between 10-100 Gbps, and 2.4% went over 100 Gbps.

In June, Cloudflare detected a four-day DDoS campaign that leveraged 316,000 IP addresses against a single Cloudflare IP address. At its peak, the attack sent 754 million pps to the IP address. Cloudflare was able to detect and block the attack, with no effect on performance.

A statement from the company says, “A global interconnected network is crucial when mitigating large attacks in order to be able to absorb the attack traffic and mitigate it close to the source, whilst also continuing serving legitimate customer traffic without inducing latency or service interruptions.”

DDoS attack vectors commonly used

SYN floods formed the majority with over 57% in share, followed by RST (13%), UDP (7%), CLDAP (6%) and SSDP (3%).

Cloudflare explains that SYN floods work by exploiting the ‘handshake’ process of TCP connections.

“By repeatedly sending initial connection request packets with a synchronize flag (SYN), the attacker attempts to overwhelm the router’s connection table that tracks the state of TCP connections. The router replies with a packet that contains a synchronized acknowledgement flag (SYN-ACK), allocates a certain amount of memory for each given connection and falsely waits for the client to respond with a final acknowledgement (ACK). Given a sufficient number of SYNs that occupy the router’s memory, the router is unable to allocate further memory for legitimate clients causing a denial of service.”
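
The table exhaustion described in the quote can be modelled in a few lines. The following is an added example, not code from Cloudflare or from the report: a toy in-memory model of a bounded half-open connection table, shown next to a simplified form of SYN cookies (a common mitigation that stores no state per SYN). The class and function names, the secret and the addresses are constructed for illustration, and real SYN cookies also encode a timestamp and MSS.

```python
import hashlib
import hmac

class Listener:
    """Toy model of a TCP listener's half-open (SYN received) table."""

    def __init__(self, backlog, timeout, syn_cookies=False):
        self.backlog, self.timeout, self.syn_cookies = backlog, timeout, syn_cookies
        self.secret = b"constructed-demo-secret"   # constructed value
        self.half_open = {}                        # (src, sport) -> (isn, expiry)

    def _isn(self, src, sport):
        # Sequence number derived from the connection identity and a secret.
        mac = hmac.new(self.secret, f"{src}:{sport}".encode(), hashlib.sha256)
        return int.from_bytes(mac.digest()[:4], "big")

    def on_syn(self, src, sport, now):
        """Return the SYN-ACK sequence number, or None if the SYN is dropped."""
        isn = self._isn(src, sport)
        if self.syn_cookies:
            return isn                             # nothing stored per SYN
        # Drop entries whose handshake timed out, then check for free space.
        self.half_open = {k: v for k, v in self.half_open.items() if v[1] > now}
        if len(self.half_open) >= self.backlog:
            return None                            # table full: SYN dropped
        self.half_open[(src, sport)] = (isn, now + self.timeout)
        return isn

    def on_ack(self, src, sport, ack, now):
        """Return True if the final ACK completes a handshake."""
        if self.syn_cookies:
            # State is rebuilt from the ACK itself instead of from a table.
            return ack == (self._isn(src, sport) + 1) % 2**32
        entry = self.half_open.pop((src, sport), None)
        return entry is not None and entry[1] > now and ack == (entry[0] + 1) % 2**32


def legit_client_connects(listener, flood_syns):
    """Send flood_syns unanswered SYNs, then try one complete handshake."""
    for i in range(flood_syns):
        listener.on_syn(f"198.51.100.{i % 256}", 1024 + i, now=0)  # never ACKed
    isn = listener.on_syn("203.0.113.10", 40000, now=1)
    return isn is not None and listener.on_ack(
        "203.0.113.10", 40000, (isn + 1) % 2**32, now=1)
```

With a backlog of 128, the stateful listener refuses the legitimate client once 128 unanswered SYNs are pending and only recovers when those entries time out; the cookie-based listener keeps accepting because it allocates nothing until a valid ACK arrives.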
