TTPwire Vol. 1 · MITRE ATT&CK·Tagged

F5 Labs

DDoS Attack Trends for 2020

2021-05-08

ATT&CK techniques detected

34 predictions
T1498 Network Denial of Service
91%
“ntp reflection, and udp fragmentation attacks. increasing ddos complexity web apps, served over http and https, accounted for 17 % of application attacks, though the majority, 83 %, targeted dns servers. generally speaking, it can be extremely difficult to identify which requests…”
T1498 Network Denial of Service
90%
“vectors, percentages will always add up to more than 100 %. ) each ddos category includes many different attack types, as threat actors look to exploit different layers of the network and application stack. for example, application ddos includes http, https, and dns requests to a…”
T1498 Network Denial of Service
90%
“ddos attack trends for 2020 distributed denial - of - service ( ddos ) is a persistent threat facing businesses of all types, regardless of geographic location or target market. the tools used to launch distributed dos ( ddos ) are becoming easier to use, while the attacks themse…”
T1498 Network Denial of Service
89%
“incidents. specifically, 53 % of attacks took advantage of some kind of reflection attack, which leverages other people ’ s vulnerable systems. - application ddos jumped to an impressive 16 % of all ddos incidents and accounted for more than 50 % of all ddos - related support cas…”
T1498 Network Denial of Service
89%
“for mitigating ddos attacks the following technical / preventive security controls are recommended to protect against ddos attacks. for more information about ddos attack tools, tactics, and procedures, see : recommendations - implement ddos protection using an on - premises solu…”
T1498 Network Denial of Service
88%
“ddos attacks also appear to be growing in complexity. in 54 % of ddos incidents, threat actors used multiple techniques to launch simultaneous attacks in an attempt to overwhelm the victim ’ s defenses — a trend that appears to be on the rise. the first quarter of 2021 saw an 80 …”
T1498 Network Denial of Service
88%
“the network with attacker - generated traffic in an attempt to consume all available network bandwidth to the application. the largest attack the f5 soc team saw and mitigated over the past 15 months peaked at an impressive 500 gbps. protocol ddos attacks work by filling up conne…”
T1498 Network Denial of Service
86%
“15 months occurring in q1 2021 ( see figure 11 ). figure 11. number of ddos attacks against the education sector, january 2020 through march 2021. conclusion with a steady increase in both the quantity and complexity of ddos attacks, it ’ s clear we need to do more to defend agai…”
T1498 Network Denial of Service
79%
“s internet bandwidth, networking stack, and application servers at the same time. who is being targeted with ddos? launching ddos attacks has a very low barrier to entry for the would - be hacker. youtube contains tutorials for creating new botnets, and ddos - for - hire services…”
T1498 Network Denial of Service
74%
“- v2 / en / archive - pages / education / what - is - a - dns - amplification - attack -. html ) explains them in detail. udp is connectionless, so it ’ s easy to spoof source and destination ip addresses. for this reason, udp - based ddos accounts for 83 % of all ddos attacks. d…”
T1498 Network Denial of Service
69%
“2021 so far the largest attack the soc team encountered over the past 15 months came in february 2021 and targeted a technology company that provides information security services for gaming and gambling organizations. the onslaught peaked at 500 gbps, or half a terabit per secon…”
T1498.001 Direct Network Flood
61%
“ntp reflection, and udp fragmentation attacks. increasing ddos complexity web apps, served over http and https, accounted for 17 % of application attacks, though the majority, 83 %, targeted dns servers. generally speaking, it can be extremely difficult to identify which requests…”
T1498.001 Direct Network Flood
56%
“the third most common word is used one - third as often as the first, and so on. we see zipfian distributions around the world, from natural disasters and solar flare intensities to frequency of passwords appearing in breached data sets. in figure 5, the yellow line denotes a sta…”
T1498.001 Direct Network Flood
56%
“ddos attack trends for 2020 distributed denial - of - service ( ddos ) is a persistent threat facing businesses of all types, regardless of geographic location or target market. the tools used to launch distributed dos ( ddos ) are becoming easier to use, while the attacks themse…”
T1498.001 Direct Network Flood
55%
“vectors, percentages will always add up to more than 100 %. ) each ddos category includes many different attack types, as threat actors look to exploit different layers of the network and application stack. for example, application ddos includes http, https, and dns requests to a…”
T1499 Endpoint Denial of Service
55%
“2021 so far the largest attack the soc team encountered over the past 15 months came in february 2021 and targeted a technology company that provides information security services for gaming and gambling organizations. the onslaught peaked at 500 gbps, or half a terabit per secon…”
T1498.001 Direct Network Flood
54%
“- v2 / en / archive - pages / education / what - is - a - dns - amplification - attack -. html ) explains them in detail. udp is connectionless, so it ’ s easy to spoof source and destination ip addresses. for this reason, udp - based ddos accounts for 83 % of all ddos attacks. d…”
T1498.001 Direct Network Flood
54%
“s internet bandwidth, networking stack, and application servers at the same time. who is being targeted with ddos? launching ddos attacks has a very low barrier to entry for the would - be hacker. youtube contains tutorials for creating new botnets, and ddos - for - hire services…”
T1498.001 Direct Network Flood
53%
“15 months occurring in q1 2021 ( see figure 11 ). figure 11. number of ddos attacks against the education sector, january 2020 through march 2021. conclusion with a steady increase in both the quantity and complexity of ddos attacks, it ’ s clear we need to do more to defend agai…”
T1498.001 Direct Network Flood
53%
“2021 so far the largest attack the soc team encountered over the past 15 months came in february 2021 and targeted a technology company that provides information security services for gaming and gambling organizations. the onslaught peaked at 500 gbps, or half a terabit per secon…”
T1499 Endpoint Denial of Service
52%
“incidents. specifically, 53 % of attacks took advantage of some kind of reflection attack, which leverages other people ’ s vulnerable systems. - application ddos jumped to an impressive 16 % of all ddos incidents and accounted for more than 50 % of all ddos - related support cas…”
T1498.001 Direct Network Flood
52%
“ddos attacks also appear to be growing in complexity. in 54 % of ddos incidents, threat actors used multiple techniques to launch simultaneous attacks in an attempt to overwhelm the victim ’ s defenses — a trend that appears to be on the rise. the first quarter of 2021 saw an 80 …”
T1498 Network Denial of Service
52%
“large increase in phishing incidents during this time. while the soc team was aware of a large number of ddos ransom demands that hit the financial sector during this period, the ddos attack data shows that, in fact, all industries saw a similar increase. attack methods were also…”
T1498.001 Direct Network Flood
51%
“incidents. specifically, 53 % of attacks took advantage of some kind of reflection attack, which leverages other people ’ s vulnerable systems. - application ddos jumped to an impressive 16 % of all ddos incidents and accounted for more than 50 % of all ddos - related support cas…”
T1498.001 Direct Network Flood
48%
“the network with attacker - generated traffic in an attempt to consume all available network bandwidth to the application. the largest attack the f5 soc team saw and mitigated over the past 15 months peaked at an impressive 500 gbps. protocol ddos attacks work by filling up conne…”
T1499 Endpoint Denial of Service
48%
“ddos attack trends for 2020 distributed denial - of - service ( ddos ) is a persistent threat facing businesses of all types, regardless of geographic location or target market. the tools used to launch distributed dos ( ddos ) are becoming easier to use, while the attacks themse…”
T1499 Endpoint Denial of Service
45%
“ntp reflection, and udp fragmentation attacks. increasing ddos complexity web apps, served over http and https, accounted for 17 % of application attacks, though the majority, 83 %, targeted dns servers. generally speaking, it can be extremely difficult to identify which requests…”
T1499 Endpoint Denial of Service
43%
“for mitigating ddos attacks the following technical / preventive security controls are recommended to protect against ddos attacks. for more information about ddos attack tools, tactics, and procedures, see : recommendations - implement ddos protection using an on - premises solu…”
T1499 Endpoint Denial of Service
42%
“the network with attacker - generated traffic in an attempt to consume all available network bandwidth to the application. the largest attack the f5 soc team saw and mitigated over the past 15 months peaked at an impressive 500 gbps. protocol ddos attacks work by filling up conne…”
T1499 Endpoint Denial of Service
42%
“vectors, percentages will always add up to more than 100 %. ) each ddos category includes many different attack types, as threat actors look to exploit different layers of the network and application stack. for example, application ddos includes http, https, and dns requests to a…”
T1498.001 Direct Network Flood
38%
“for mitigating ddos attacks the following technical / preventive security controls are recommended to protect against ddos attacks. for more information about ddos attack tools, tactics, and procedures, see : recommendations - implement ddos protection using an on - premises solu…”
T1499 Endpoint Denial of Service
37%
“ddos attacks also appear to be growing in complexity. in 54 % of ddos incidents, threat actors used multiple techniques to launch simultaneous attacks in an attempt to overwhelm the victim ’ s defenses — a trend that appears to be on the rise. the first quarter of 2021 saw an 80 …”
T1499 Endpoint Denial of Service
35%
“15 months occurring in q1 2021 ( see figure 11 ). figure 11. number of ddos attacks against the education sector, january 2020 through march 2021. conclusion with a steady increase in both the quantity and complexity of ddos attacks, it ’ s clear we need to do more to defend agai…”
T1498.001 Direct Network Flood
32%
“large increase in phishing incidents during this time. while the soc team was aware of a large number of ddos ransom demands that hit the financial sector during this period, the ddos attack data shows that, in fact, all industries saw a similar increase. attack methods were also…”

Summary

Denial-of-service attacks are increasing and becoming more complex. We look at how attackers are attempting to bring down services around the world.