DDoS attacks increased 300 per cent in the third quarter of 2020 compared to Q1

Q3 DDoS attacks accounted for 56 per cent of all attacks seen so far this year

The number of distributed denial-of-service (DDoS) attacks observed in Q3 of 2020 increased four times compared to the pre-pandemic levels in the first quarter, data from web performance and security firm Cloudflare shows.

DDoS attacks, one of the most powerful weapons available to cyber actors, target online services and websites and overwhelm them with massive volumes of traffic than the server/network cannot accommodate.

The main goal behind such attacks is to create problems for the business by making their website inoperable. The disruption also causes problems for individual users who are prevented from accessing the service they require, and can be a cover for other activities by the attackers, such as stealing data.

In DDoS attacks, the huge volume of traffic usually comes in the form of fake packets, requests for connections, and incoming messages. In many cases, attackers target a website or business with a low level attack initially and threaten to launch a more damaging attack if ransom is not paid to them.

According to Cloudflare, network layer attacks doubled from Q1 to Q2 in 2020, and doubled again in the Q3, resulting in a four-fold increase compared the first quarter.

Q3 DDoS attacks accounted for 56 per cent of all attacks observed so far in the current year.

A rise in ransom-driven DDoS attacks (RDDoS) was also noticed in Q3, Cloudflare says, as threat groups like Cozy Bear, Lazarus and Fancy Bear accelerated extortion campaigns targeting businesses worldwide.

The highest incidence of large attacks (over 500Mbps) was observed in August, while the largest number of attacks overall was seen in September.

One of the largest-ever attacks on Cloudflare's network came in the month of July. The attack was generated by Moobot, a Mirai-based botnet, and peaked at 654 Gbps. It used 18,705 unique IP addresses, each thought to be a Moobot-infected Internet of Things (IoT) device.

The United States suffered the most L3/4 DDoS attacks (those targeting network and transport layers) in Q3, followed by Germany and Australia.

In terms of attack vector, SYN flood - bombarding the server with unfinished requests - was the most common attack vector (65 per cent) observed in Q3, followed by RST flood (saturating bandwidth) and UDP floods (overwhelming ports).

It was also noticed that attackers mostly preferred short attacks (less than an hour), which can cause damage without alerting DDoS detection systems, with accounting for nearly 88 per cent of all attacks. Short attacks may also be used to probe defences.