Largest DDoS-for-hire Websites Responsible for 11 Percent of Attacks Worldwide, According to Nexusguard Threat Report

March 25, 2019 - 02:29
Largest DDoS-for-hire Websites Responsible for 11 Percent of Attacks Worldwide, According to Nexusguard Threat Report

The FBI’s shutdown of the world’s 15 largest DDoS-for-hire “booter” websites in December resulted in 85 percent decrease in average attack sizes, year-over year


SAN FRANCISCO, UNITED STATES - Media OutReach - 25 March 2019 - The Nexusguard "Q4 2018 Threat Report"revealed that the FBI's shutdown of the 15 largest distributeddenial-of-service (DDoS) for hire vendors ("booters") reduced the overallnumber of attacks worldwide by nearly 11 percent compared to the same periodlast year. Along with the fewer total attacks, the average size decreased by 85percent as did the maximum attack size by 24 percent, indicating the FBIcrackdown was effective in reducing the global impact of DDoS attacks. However,the managed DDoS mitigation service provider believes that booter websites arepoised to make a comeback despite the crackdown due to growing botnets andincessant demand for DDoS-for-hire services.

The quarterly report, which measures thousandsof DDoS attacks around the world, showed that DDoS-for-hire websites representthe legal loopholes from website and network ownership, as well as IoT devicesand rapidly changing infrastructure that allows hackers to exploitvulnerabilities before owners or manufacturers can thwart them. These booterswere alleged to have been responsible for generating more than 200,000 DDoSattacks since 2014. Despite the effective crackdown by federal law enforcementon these sites in December 2018, Nexusguard researchers warns thatorganizations should remain vigilant as other booter services may rise to taketheir place and attack volume will revive.

"Seizing command-and-control servers, bootersand other resources has been a big part of the FBI's fight against cybercrime,but this shutdown only scratches the surface of a global problem," said JunimanKasman, chief technology officer for Nexusguard. "While booters are visibletargets, businesses must also manage the vulnerabilities that stem fromunpatched hardware and software, human error and new attack methods, especiallyas the footprint of IoT expands."

More than 90 percent of DDoS attacks ratedsmaller than one Gbps in size. "Bit-and-piece" attacks continued from lastquarter into Q4, employed in many campaigns regardless of the vector utilized.Bit-and-piece attacks beat detection thresholds in that the targeted IP addressreceives only a small number of responses in each organized campaign, leavinglittle or no trace. Black-holing all traffic to an entire IP prefix is a costlyapproach, due to the tactic blocking access to various legitimate services.

Other report findings show:

  • HTTPS attacks ranked third highestin attack popularity, compared to user datagram protocol (UDP) and simpleservice discovery protocol (SSDP) attacks. An unusual pattern of frequentlyrepeated HTTPS attacks was observed against one customer, occurring nearlyevery day in December and up to 13 times in one day, demonstrating theattacker's commitment to disrupting the target's network for all of December,the busiest time of year for retail and entertainment businesses
  • Attack durations increased morethan 175 percent to more than 450 minutes on average compared to last year.Attacks in the quarter were routinely targeted to occur during peak servicehours for maximum disruption.
  • China held its lead as source ofDDoS attacks, with 23 percent of attacks originating in the country and 18percent originating in the United States.

Nexusguard's quarterly DDoS threat researchmeasures attack data from botnet scanning, honeypots, communications serviceproviders (CSPs) and traffic moving between attackers and their targets to helpcompanies identify vulnerabilities and stay informed about global cybersecurity trends. Read the full "Q4 2018 Threat Report"for more details.


About Nexusguard

Founded in 2008, Nexusguard is a leadingcloud-based distributed denial of service (DDoS) security solution providerfighting malicious internet attacks. Nexusguard ensures uninterrupted internetservice, visibility, optimization and performance. Nexusguard is focused ondeveloping and providing the best cybersecurity solution for every clientacross a range of industries with specific business and technical requirements.Nexusguard also enables communication service providers to deliver DDoSprotection solution as a service. Nexusguard delivers on its promise to provideyou with peace of mind by countering threats and ensuring maximum uptime. Visitwww.nexusguard.comfor more information.