Link11’s Q3 DDoS Report shows that the scale and volume of attacks continued to grow in Europe during Q3 2018. Link11’s security operations centre registered a total of 15,934 attacks in the period (averaging over 175 attacks per day), an increase of 71% over the previous quarter. The average DDoS attack volume more than doubled in Q3, to 4.6 Gbps, up from 2.2 Gbps in Q2. Attacks are also becoming increasingly complex, with 59% of incidents using two or more vectors – up from 46% in Q2.
The highest-volume attack observed by Link11 in 2018 rose to 371Gbps in Q3, an increase of 75% compared to the maximum of 212 Gbps observed in Q1. In addition, there were a further 35 attacks with bandwidth peaks above 100 Gbps. The Link11 Security Operation Center (LSOC) also registered a sharp increase in attacks with bandwidth peaks of between 5 and 10 Gbps.
Multivector attacks, which accounted for 59% of all attacks in Q3, were also a major threat. 37% of all attacks in Q3 featured 3 different vectors – more than double the number of triple-vector attacks seen in Q2 (16%).
The LSOC also observed that attacks are most frequent on Fridays and Sundays, with the level of attacks declining during the business week. Attackers targeted organizations most frequently between 4pm and midnight Central European Time, with attack volumes at their lowest between 5am and 10 am CET.
The report also revealed:
• The highest number of attacks seen in one day during Q3 was 885 on Friday 17 August.
• The longest defended attack in the 3rd quarter lasted almost 10 hours.
• The most important high volume vectors were DNS Reflection and CLDAP.
• Attacks via Memcached Reflection, which had dominated the 1st and 2nd quarters, were the exception
Aatish Pattni, Regional Director UK & Ireland for Link11, commented: "The structure and composition of DDoS attacks is constantly changing, but the goal remains the same: to interrupt servers, networks or data streams. Over half of attacks during Q3 were multi-vector, making them harder to defend against, and they are growing in volume, too, meaning they can easily overwhelm defences. To stop these attacks disrupting business operations, organizations need proactive protection that tracks and responds to evolving attack scenarios and patterns automatically, using advanced machine-learning techniques.”