100% increase in daily DDoS traffic in 2020 as 10 Tbps attack potential increases: Nokia
Nokia Deepfield has discovered a 100% increase in peak daily DDoS traffic between January 2020 and May 2021.
Nokia’s IP network and data analytics arm has been able to perform fingerprint analysis and network traffic origin analysis through its work with global service providers, web-scale enterprises, organizations and digital businesses.
Craig Labovitz, CTO of Nokia Deepfield, unveiled the conclusions of global DDoS traffic analysis at NANOG82 this week.
The analysis revealed that there has been a massive increase in volumetric high-bandwidth DDoS attacks, the majority of which come from a few dozen hosting companies.
Labovitz told ZDNet that conventional wisdom generally says that DDoS attacks come from all over the internet and that DDoS is unblockable at source.
“But conventional wisdom is wrong. We can stop the vast majority of DDoS within these 50 companies (for example, if hosting companies block bad customers) or by actions taken within the 10 to 15 Internet access providers that connect these hosting companies to the Internet,” he said.
The researchers also found evidence of DDoS attacks with a threat potential “over 10 Tbps, up to five times greater than the largest current attacks reported.” The largest reported DDoS attack, according to Labovitz, was around 2 Tbps. Google said in October that in 2017 it dealt with a 2.54 Tbps attack launched by a state-sponsored group from China, the largest attack ever reported.
The size of attacks was increasing, according to Nokia Deepfield, in part because of “an increasing number of open and insecure Internet services and IoT devices.” Just six weeks ago, a DDoS attack took down 200 government and university websites across Belgium.
Labovitz added that the DDoS growth curve is exponential due to the explosive growth of IoT and the Cloud, which dramatically increase the number of servers and devices that can be co-opted into DDoS attacks.
“The second main point of my presentation today is that the exponential growth curve of DDoS poses an existential threat to the Internet. This is due to the growing number of servers (which can be tapped to launch DDoS) and a large number of IoT devices with substandard or default security (hence open to hacking and botnet control),” said Labovitz.
“My take is that it’s just luck, bugs in attacks, etc. that explain why the reported DDoS so far are significantly lower than the DDoS potential of 10+ Tbps (and maybe a lot more).”
The company also found that over the past 15 months, there has been an expansion of DDoS-for-hire services available for attacks that seek to cause significant damage to individual and large-scale connectivity and service availability.
Throughout 2020, as communities around the world instituted lockdowns as part of efforts to contain COVID-19, Nokia Deepfield said there was a 50% increase in DDoS traffic.
“The continued increase in the intensity, frequency and sophistication of DDoS attacks has resulted in a 100% increase in the ‘high watermark level’ of daily DDoS spikes – from 1.5 Tbps (January 2020) to more than 3 Tbps (May 2021),” the company said.
It is important that every participant in the network security ecosystem – end users, vendors, service providers, cloud builders, regulators and governments – understand the dangers that DDoS poses to the availability of internet content, applications and critical connectivity services, added Labovitz.