Game over: analysts report an increase in the number of DDoS attacks on the game segment
Rostelecom conducted a study of DDoS attacks carried out on the Russian segment of the Internet in 2018. According to the report, in 2018 there was a sharp increase not only in the number of DDoS attacks, but also in their power. The attackers often focused on game servers.
The total number of DDoS attacks in 2018 increased by 95% compared with the previous year. The greatest number of attacks recorded in November and December. Many e-commerce companies receive a substantial part of their profits at the end of the year, i.e. during the New Year holidays and the weeks preceding them. Competition in this period is particularly acute. In addition, the holidays have a peak user activity in online games.
The longest attack recorded by Rostelecom in 2017 occurred in August and lasted 263 hours (almost 11 days). In 2018, an attack recorded in March and lasting 280 hours (11 days and 16 hours) reached record levels.
')
Last year there was a sharp jump in the power of DDoS attacks. If in 2017 this figure did not exceed 54 Gbit / s, then in 2018 the most serious attack was carried out already at a speed of 450 Gbit / s. This was not a single fluctuation: only twice a year did this figure drop significantly below 50 Gbit / s - in June and August.
Statistics for 2018 confirms that the threat of DDoS is most relevant for industries whose critical business processes depend on the availability of online services and applications — first of all, this is the gaming segment and e-commerce.
The share of attacks on game servers was 64%. According to analysts, in the coming years the picture will not change, and with the development of eSports, we can expect a further increase in the number of attacks on the industry. E-commerce enterprises consistently "hold" second place (16%). Compared to 2017, the share of DDoS attacks on telecom increased from 5% to 10%, while the share of educational institutions, on the contrary, decreased from 10% to 1%.
It is quite predictable that according to the criterion of the average number of attacks per client, the gaming segment and e-commerce occupy significant shares - 45% and 19%, respectively. More surprising is the significant increase in attacks on banks and payment systems. However, this is due rather to a very quiet year 2017 after the campaign against the Russian banking sector at the end of 2016. In 2018, everything returned to its place.
The most popular DDoS method is UDP flood - almost 38% of all attacks are carried out in this way. It is followed by a SYN-flood (20.2%) and, in almost equal shares, the attack with fragmented packets and DNS amplification - 10.5% and 10.1%, respectively.
The comparison of statistics for 2017 and 2018. shows that the proportion of SYN-flood attacks has almost doubled. We assume that this is due to their relative simplicity and cheapness - such attacks do not require the presence of a botnet (that is, the cost of its creation / lease / purchase).
The number of attacks using amplifiers increased. When organizing DDoS with amplification, attackers send requests with a fake source address to servers that respond to a victim of an attack with multiply enlarged packets. This method of DDoS-attacks on a new round and become very common in the near future, because it also does not require the costs of organizing or buying a botnet. On the other hand, with the development of the Internet of things and the increase in the number of known vulnerabilities in IoT devices, we can expect the emergence of new powerful botnets, and consequently, the reduction in price of services for organizing DDoS attacks.
The total number of DDoS attacks in 2018 increased by 95% compared with the previous year. The greatest number of attacks recorded in November and December. Many e-commerce companies receive a substantial part of their profits at the end of the year, i.e. during the New Year holidays and the weeks preceding them. Competition in this period is particularly acute. In addition, the holidays have a peak user activity in online games.
The longest attack recorded by Rostelecom in 2017 occurred in August and lasted 263 hours (almost 11 days). In 2018, an attack recorded in March and lasting 280 hours (11 days and 16 hours) reached record levels.
')
Last year there was a sharp jump in the power of DDoS attacks. If in 2017 this figure did not exceed 54 Gbit / s, then in 2018 the most serious attack was carried out already at a speed of 450 Gbit / s. This was not a single fluctuation: only twice a year did this figure drop significantly below 50 Gbit / s - in June and August.
Who is most often attacked
Statistics for 2018 confirms that the threat of DDoS is most relevant for industries whose critical business processes depend on the availability of online services and applications — first of all, this is the gaming segment and e-commerce.
The share of attacks on game servers was 64%. According to analysts, in the coming years the picture will not change, and with the development of eSports, we can expect a further increase in the number of attacks on the industry. E-commerce enterprises consistently "hold" second place (16%). Compared to 2017, the share of DDoS attacks on telecom increased from 5% to 10%, while the share of educational institutions, on the contrary, decreased from 10% to 1%.
It is quite predictable that according to the criterion of the average number of attacks per client, the gaming segment and e-commerce occupy significant shares - 45% and 19%, respectively. More surprising is the significant increase in attacks on banks and payment systems. However, this is due rather to a very quiet year 2017 after the campaign against the Russian banking sector at the end of 2016. In 2018, everything returned to its place.
Attack methods
The most popular DDoS method is UDP flood - almost 38% of all attacks are carried out in this way. It is followed by a SYN-flood (20.2%) and, in almost equal shares, the attack with fragmented packets and DNS amplification - 10.5% and 10.1%, respectively.
The comparison of statistics for 2017 and 2018. shows that the proportion of SYN-flood attacks has almost doubled. We assume that this is due to their relative simplicity and cheapness - such attacks do not require the presence of a botnet (that is, the cost of its creation / lease / purchase).
The number of attacks using amplifiers increased. When organizing DDoS with amplification, attackers send requests with a fake source address to servers that respond to a victim of an attack with multiply enlarged packets. This method of DDoS-attacks on a new round and become very common in the near future, because it also does not require the costs of organizing or buying a botnet. On the other hand, with the development of the Internet of things and the increase in the number of known vulnerabilities in IoT devices, we can expect the emergence of new powerful botnets, and consequently, the reduction in price of services for organizing DDoS attacks.
Source: https://habr.com/ru/post/445608/
All Articles