In-depth analysis provided by Nokia Deepfiled across large sample of networks globally finds that majority of DDoS attacks originate from fewer than 50 hosting companies and regional providers.
Nokia said its study examined service provider network traffic encompassing thousands of routers on the internet between January 2020 and May 2021. Among the findings, which were presented by Dr. Craig Labovitz, Nokia Deepfield CTO, at NANOG82: more than 100% increase in daily DDoS peak traffic in this time period; newly identified DDoS threat potential over 10 Tbps – four to five times higher than the largest current attacks reported – due to rapidly growing number of open and insecure internet services and IoT devices.
Dr. Craig Labovitz, CTO, Nokia Deepfield, said: “It is equally important for every participant in the network security ecosystem – end users, vendors, service providers, cloud builders, regulators and governments – to understand the dangers DDoS poses to the availability of internet content, applications and critical connectivity services. With this knowledge and a community commitment to solving the DDoS problem, we can go a long way towards making our networks, services and subscribers more secure.”
- In an environment where attackers constantly leverage opportunistic resources to source their attacks, Nokia Deepfield found in the past 15 months accessibility of DDoS for hire services has increased the threat potential of the existing botnet, IoT and cloud-based attack models.
- The results trace the origins of most of the high-bandwidth, high-intensity (volumetric) attacks to a limited number of internet domains, finding that most global DDoS attacks (by frequency and traffic volume) originate in less than 50 hosting companies and regional providers.
- As COVID lockdown measures were implemented in 2020, Nokia Deepfield noticed a 40-50% increase in DDoS traffic. The continued increases in intensity, frequency and sophistication of DDoS attacks have resulted in a 100% increase in the “high watermark levels” of DDoS daily peaks – from 1.5 Tbps (January 2020) to over 3 Tbps (May 2021).
The report is posted here:
https://www.nokia.com/networks/solutions/deepfield/network-intelligence-report/