Distributed denial of services (DDoS) traffic has more than doubled in volume between January 2020 and May 2021.
This is among the findings of Nokia Deepfield’s DDoS traffic analysis, which examined service provider network traffic encompassing thousands of routers on the internet.
The newly-identified DDoS threat potential of over 10Tbps – four to five times higher than the largest current attacks reported – is due to rapidly growing number of open and insecure internet services and IoT devices, according to Dr Craig Labovitz, chief technology officer of Nokia Deepfield.
In an environment where attackers constantly leverage opportunistic resources to source their attacks, Nokia Deepfield found in the past 15 months accessibility of DDoS for hire services has increased the threat potential of the existing botnet, IoT and cloud-based attack models.
The results trace the origins of most of the high-bandwidth, high-intensity (volumetric) attacks to a limited number of internet domains, finding that most global DDoS attacks (by frequency and traffic volume) originate in less than 50 hosting companies and regional providers.
As Covid lockdown measures were implemented in 2020, Nokia Deepfield noticed a 40% to 50% increase in DDoS traffic. The continued increases in intensity, frequency and sophistication of DDoS attacks have resulted in a 100% increase in the “high watermark levels” of DDoS daily peaks – from 1,5Tbps (January 2020) to over 3Tbps (May 2021).
With broadband connectivity becoming an essential service, the fight against DDoS is critical. These large-scale DDoS attacks can inflict major damage on individual and large-scale connectivity and service availability, resulting in damages costing hundreds of thousands or even millions of dollars in production and operational losses.
Accurate DDoS detection and cost-effective, automated mitigation are becoming paramount requirements for service providers, cloud builders and network operators to protect their network infrastructures, services and users.
The newly enhanced Nokia Deepfield Defender provides fast and accurate DDoS detection and facilitates agile mitigation of volumetric DDoS attacks at the network edge. With its ability to scale to petabyte-levels and advanced features such as multi-layer protection and auto-mitigation, Deepfield Defender delivers an intelligent and automated approach to thwart and minimize the security risks associated with a new generation of DDoS threats and attacks.
Drawing DDoS security expertise from its global network deployments and insights from Deepfield Security Genome, Nokia Deepfield Defender accurately and rapidly detects hosts, botnets and IoT devices involved in active attacks, and programs router-based mitigation with tens/hundreds of thousands of highly precise filters resulting in network-wide, cost-effective DDoS protection.
Dr Labovitz comments: “It is equally important for every participant in the network security ecosystem – end users, vendors, service providers, cloud builders, regulators and governments – to understand the dangers DDoS poses to the availability of internet content, applications and critical connectivity services. With this knowledge and a community commitment to solving the DDoS problem, we can go a long way towards making our networks, services and subscribers more secure.”