Link11 has released Q3 data from its network on the development of DDoS threats. The number of attacks remains at a very high level in Q3 2021. After Q2 2021 had already shown an increase of 19 percent compared to the same period of the previous year, the number of attacks rose by another 17 percent in Q3. In addition to the worsening of the threat situation in terms of the number of attacks, the increase in attack bandwidths and the rising complexity in attack techniques are also noticeable.
Link11's Security Operation Centre (LSOC) registered an increasing number of high-volume attacks. In 130 attacks, the maximum attack bandwidth exceeded 50 Gbps. In addition, the maximum bandwidth more than doubled - by 159 percent - compared to the same period last year. The largest attack was stopped at 633 Gbps. Furthermore, the attacks on the same customer added up to 2.5 Tbps within 120 minutes.
While single attack methods are declining, multi-vector attacks are becoming the norm in the DDoS threat landscape. The proportion of multi-vector attacks targeting multiple protocols and vulnerabilities, and thus different layers, increased significantly from 62 percent in Q2 2021 to 78 percent in Q3 2021. This development poses major challenges to many protection concepts that only focus on one layer or specific attack vectors and pushes them to their limits.
Carpet bombing attacks on operators of ICT infrastructures
‘Carpet bombing’ attacks are evolving into a major challenge for hosting and cloud providers, ISPs, and carriers. These attacks are technically very complex. The data traffic per IP address is so low that many protection solutions do not recognise them as an anomaly, meaning attacks often fly under the radar. In addition, the attacker does not direct the DDoS traffic to a specific system or server. Not only one IP address is attacked, but an entire network block with several hundred or thousand addresses.
The extent of the threat can be seen in the example of a hosting provider from Southeast Asia that is protected via the Link11 network. In August 2021, LSOC registered several 100,000 carpet bombing attacks on the company within 72 hours. According to LSOC's assessment, this form of attack thus reached a new level of quality. The attack bandwidths of the individual attacks ranged from 100 Mbps to 40 Gbps and quickly added up to a total volume in the terabit range. For an inadequately protected hosting provider whose core business is operating servers, it is almost impossible to mitigate such carpet bombing.
"Although carpet bombing attacks seem to primarily target hosting and cloud providers, ISPs and carriers, their potential impact should not be underestimated," said Marc Wilczek, managing director of Link11. "Attackers are intentionally targeting operators of basic digital infrastructures. When these infrastructures go offline, the connected business and working infrastructures of their customers go offline along with them. Therefore, there is no reason to give the all-clear. As the phenomenon becomes more prevalent, it is rather a matter of time before other sectors of the economy are confronted with it as well."
Link11 regularly publishes statistics, analysis and reports on the threat situation. These can be found on the Link11 Blog and in the Link11 Media Center. In addition, Link11 regularly hosts Link11 Executive Talks on current developments in IT security.