Australian security and infrastructure managers were scrambling to contain an explosion of distributed denial of service (DDoS) attacks after April saw a more than four-fold jump in the number of DDoS attacks directed at our shores, according to new figures.
The month saw 7200 DDoS attacks – equivalent to 240 per day, or 10 per hour – directed at Australian targets, according to the latest NETSCOUT Arbor’s Active Threat Level Analysis System (ATLAS). This represented a 323 percent increase over the March figures, when Australian targets suffered just 1700 attacks, or 2.2 per hour.
The figures not only showed a surge in the number of attacks, but an increase in the intensity of those attacks – from a peak of 14.3 million packets per second (mpps) in March, to 37.3 mpps in April.
The largest attack size in terms of bandwidth, however, remained largely the same – growing slightly from 53.7Gbps in March to 56Gbps in April. The United States, Russia, China, and India were the top four sources of DDoS traffic in both months.
The surge confirms a trend of growing DDoS activity noted in the leadup to February’s PyeongChang Winter Olympics 2018, at which point NETSCOUT Arbor ANZ country manager Tim Murphy told CSO Australia that the upswing was “preparation for what we anticipate to be larger and more targeted attacks. Exactly where they will be, only time will tell – but we’re as well positioned as we can be [to detect and block them.”
April not only saw a surge in DDoS activity, but it was a busy month for global efforts to stop major DDoS actors: late in the month, Dutch and British police led an operation that arrested the developers of the DDoS-as-a-service site webstresser.org, which was credited with launching over 6 million DDoS attacks for up to 136,000 registered users.
The low cost of Webstresser and similar attacks “suggest entire organisations or parts of a country can be disrupted for the price of a pound of good coffee beans,” McAfee head of cyber investigations John Fokker wrote in a recent blog, noting the predominance of gaming-related DDoS attacks “predominantly committed by young people”.
Such attacks “are becoming increasingly popular and the relative ease with which these attacks are carried out by individuals with little hacking experience is striking,” Fokker wrote. “One might think that attacking websites is all fun and games, but it is game over when the authorities come knocking at your door.”
For enterprises caught in the crossfire, robust DDoS defences have become a standard-issue part of the cybersecurity defence arsenal. And recent months have seen anti-DDoS providers out in force with new tweaks to meet that demand.
F5 Networks, for its part, launched its Advanced Web Application Firewall with Layer 7 DDoS protection that leverages machine learning and behavioural analytics to boost accuracy. Neustar – which recently observed an attack targeting 1900 different IPv6 hosts across more than 650 different networks – announced Neustar NetProtect, an anti-DDoS tool designed to reduce blocking latency by siting DDoS mitigation directly inside 61 data centres across 10 countries. And European data-centre provider OVH – itself once a target for the original Mirai botnet – has positioned its anti-DDoS offering as a key driver for rapid regional growth since it established its APAC regional headquarters in Melbourne a year ago.