Distributed denial-of-service (DDoS) attacks remain one of the most effective cyberattack methods. By flooding organizations’ servers, services, or networks with traffic from compromised devices or networks, attackers can cause significant financial, operational, and reputational damage.
Unfortunately, as overall Internet traffic has surged, so have DDoS attacks. In 2021, the Australian Bureau of Statistics endured close to a billion cyberattacks against its census website. More recently, in March 2023, the pro-Russian hacker group Killnet and their affiliate AnonymousSudan targeted university websites in Australia. The hackers also called for attacks against multiple airports and hospital websites.
Below, we explore some key trends (including insights from Dicker Data partner Cloudflare’s Q1 2023 DDoS threat report) — and ways you can help customers modernize their approach to DDoS protection.
Who and what are being targeted?
At a high level, a DDoS attack is like a traffic jam clogging up motorways, preventing drivers from arriving at their destination. Threat actors launch DDoS attacks (via compromised devices) to disrupt the normal traffic of a certain Internet server, service, or network. As our partner Microsoft explains in more detail, DDoS attacks fall under three primary types: volumetric attacks, protocol attacks, and resource (or application) layer attacks.
Regardless of type, a successful DDoS attack will make your customers’ websites or servers unavailable to legitimate users. As noted in Cloudflare’s Q1 2023 DDoS threat report, threat actors “kicked off” this year with a series of hacktivist campaigns — including the Killnet and AnonymousSudan attack mentioned earlier. That particular attack focused on the application layer (layer 7), where common Internet requests (such as HTTP visits to a website) are made.
Another example of an application layer DDoS attack is a “hyper-volumetric” attack, which consumes all available bandwidth between the intended victim and the larger Internet. Quarter over quarter, Cloudflare detected and mitigated more hyper-volumetric DDoS attacks globally — including the largest-ever reported HTTP DDoS attack. Some of the attacked websites included a popular gaming provider, cryptocurrency companies, hosting providers, and cloud computing platforms.
Your customers should be aware that modern “hyper-volumetric” DDoS attacks use a new generation of botnets (networks of computers infected by malware) that are composed of virtual private servers (VPS). Botnet attacks using VPS infrastructure are more dangerous, because they can be as much as 5,000x stronger than botnets using IoT devices.
That said, the majority of attacks are short and small; according to Cloudflare, 86% of network-layer DDoS attacks end within 10 minutes, and 91% of attacks never exceed 500 Mbps.
But even a “smaller” attack can hurt your customers. According to the Azure Network Security Team’s “2022 in review: DDoS attack trends and insights”, attacks that are shorter “require less resources and are more challenging to mitigate for legacy DDoS defenses. Attackers often use multiple short attacks over the span of multiple hours to make the most impact while using the fewest number of resources.”
As far as who is being attacked, threat actors will target organizations of all sizes and industries: any IP infrastructure connected to the Internet is vulnerable. However, according to Cloudflare’s data for Q1 2023:
(Image source: Cloudflare)
As far as where attacks originated, in the first quarter of 2023, the most HTTP DDoS attack traffic (by overall volume) came from IP addresses in the United States. China came in second, followed by Germany, Indonesia, Brazil, and Finland.
Layer 3 / layer 4 DDoS attacks, which target network equipment and infrastructure — as opposed to applications — originated closer to our side of the world. Vietnam was the largest source of L3/L4 attacks last quarter (followed by Paraguay, Moldova, and Jamaica).
Core DDoS protection capabilities
Because of the increasing complexity and volume of DDoS attacks (as well as evolving attack methods, which are explored more in Cloudflare’s report), your customers need specially designed network equipment or cloud-based DDoS protection.
Generally speaking, these are the core DDoS mitigation service capabilities:
Four questions to ask customers seeking DDoS protection
Selecting the right DDoS mitigation service requires a comprehensive approach to protecting networks and users. Here are four questions to consider when helping your customers create the strongest possible security posture:
Contact sales@dickerdata.com.au for all your technology needs.