Nexusguard Research Reveals 278 Percent Increase in DDoS Attacks Compared to Q1 2019

Juniman Kasman, CTO

Working from home has become the new normal in light of the current pandemic. As a result, household internet connectivity has become more necessary than ever before. This increased reliance on online services has led to a trend of attacks meant to overwhelm ISPs.

FREMONT, CA: A recent study by Nexusguard revealed that DDoS attacks have increased by over 278 percent in the first quarter of 2020 compared to that in 2019, and 542 percent increase compared to the last quarter. Researchers attribute the sharp rise in incidents to malicious efforts during the COVID-19 pandemic, causing DDoS attacks to interrupt service for large companies and individuals alike. Internet service providers (ISPs) face increasing challenges to curb undetectable and abnormal traffic before they turn into uncontrollable reflection attacks.

Working from home has become the new normal in light of the current pandemic. As a result, household internet connectivity has become more necessary than ever before. This increased reliance on online services has led to a trend of attacks meant to overwhelm ISPs. In addition to traditional DDoS attacks, Nexusguard researchers identified various abnormal traffic patterns, including small-sized, short attacks dubbed 'invisible killers.' These kinds of attacks are often overlooked by ISPs, giving the invisible anomalies access to website and online services networks to cause havoc.

"We believe the small 'invisible killer' attacks are not isolated cases, but ongoing trends which can no longer be dismissed at the risk of Internet network infrastructure suffering a deluge of attacks," said Juniman Kasman, chief technology officer for Nexusguard. "It's imperative that Internet service providers take the initiative to address any suspicious traffic—irrespective of size or quantity—to ensure customers don't experience outages from DDoS attacks."

Nexusguard's study also showed that bits-and-pieces attacks continue to infiltrate traditional threshold-based detection. These attacks are a result of the drip-feeding doses of junk traffic into a large IP pool, which can clog the target when bits and pieces start to accumulate from different IPs. According to the report, 90 percent of attacks employed a single-vector approach, which is a change from the popularity of multi-vector attacks in the past. The company's DDoS threat research reports on attack data from botnet scanning, honeypots, CSPs and traffic moving between attackers and their targets to help companies identify vulnerabilities and stay informed about global cybersecurity trends.