A new report has confirmed that Europe, Africa, and the Middle East are becoming prime targets for increasingly sophisticated DDoS attacks.
The Security Operations Centre (SOC) of the Polish cybersecurity firm F5 has confirmed that, according to its customer data, distributed denial of service (DDoS) attacks increased by 64% over the last year.
Interestingly, over 51% of the total international attacks were directed at victims based in Europe, Africa, and the Middle East (EMEA). In addition, 66% of the total attacks combined several attack techniques, which calls for high-level technical knowledge and sophisticated mitigation tools.
The report from F5 follows in the wake of recent highly sophisticated DDoS attacks that targeted three prominent banks and the tax office of the Netherlands.
However, EMEA users seemed to have actively responded to the growing threat. According to the F5 report, 100% of their EMEA customers implemented web application firewall (WAF) software during the course of the last year, while an additional 58% of customers implemented DDoS protection software.
Interestingly, the report notes that individual DDoS attacks were becoming less powerful. During 2015, the SOC reported several attacks over 100Gbps, with a handful of attacks that exceeded 400Gbps.
However, during 2017, the most powerful attack was logged at a mere 62Gbps. The drop in power is most likely due to the increasing sophistication that most attacks demonstrate. The majority of attacks targeted the application layer (Layer 7), a highly sophisticated approach that requires less power to be effective.
According to the F5 SOC manager, Kamil Wozniak, the latest report suggests that EMEA customers are at an increased risk of attacks that are more sophisticated in nature, wider in scope, and more devastating in their implications than their predecessors.
Wozniak added that most businesses should be made aware of this changing nature and ensure that they have adequate DDoS protection software that provides comprehensive protection. Wozniak especially urged businesses in the EMEA area to take this threat seriously, as DDoS attacks can severely compromise and damage a business’ tech infrastructure and reputation.
The report states that F5's customers experienced the widest variety of DDoS attack techniques during the first quarter of 2017.
During this time, 25% of the total attacks were performed using the User Datagram Protocol (UDP). This technique requires the hackers to impersonate trusted sources to send big UDP packets to the victim. This subsequently enables them to steal the victim’s sensitive data. The second most used attack was DNS reflection, which accounted for 18% of all attacks, followed by SYN flood attacks at 16%.
Surprisingly, Q1 of 2017 also witnessed an influx of Internet Control Message Protocol (ICMP) attacks. In this attack, the attacker overwhelms the target with echo requests in quick succession without waiting for a response. This differs widely from data in 2016, which stated that the most used techniques during Q1 2016 were the Simple Service Discovery Protocol (SSDP) and UDP techniques.
During Q2 of 2017, SYN floods took the lead with 25%, with UDP floods and Network Time Protocol (NTP)-based attacks sharing second place at 20% each.
However, according to the report, Q3 saw a massive increase in DDoS attacks as UDP floods rose to 26%, while NTP floods stood at 22% and DNS reflection took third place at 17%.
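The echo-request pattern described above can be spotted from packet metadata alone. The following is an added example, not taken from the F5 report: it flags a source that sends echo requests at a high rate and does not wait for the previous reply. The record layout, thresholds and addresses are assumptions, and the sample traffic is constructed.

```python
from collections import defaultdict

ECHO_REQUEST, ECHO_REPLY = 8, 0  # ICMP type numbers

def build_sample():
    """Constructed records (assumed layout): (time_s, src, dst, icmp_type, seq)."""
    pkts = []
    for i in range(5):  # ordinary ping: one request per second, each answered
        pkts.append((i * 1.0, "192.0.2.10", "198.51.100.1", ECHO_REQUEST, i))
        pkts.append((i * 1.0 + 0.01, "198.51.100.1", "192.0.2.10", ECHO_REPLY, i))
    for i in range(200):  # flood: 1000 requests per second, sender never waits
        pkts.append((10 + i * 0.001, "203.0.113.9", "198.51.100.1", ECHO_REQUEST, i))
        if i < 3:  # the target answers a few, too late to pace the sender
            pkts.append((10.05 + i * 0.001, "198.51.100.1", "203.0.113.9", ECHO_REPLY, i))
    return sorted(pkts)

def detect_echo_floods(packets, window=1.0, max_rate=50, min_unwaited=0.9):
    """Return {(src, dst): stats} for senders that match the flood pattern."""
    requests = defaultdict(list)  # (src, dst) -> [(time, seq)]
    reply_at = {}                 # (requester, responder, seq) -> reply time
    for t, src, dst, icmp_type, seq in packets:
        if icmp_type == ECHO_REQUEST:
            requests[(src, dst)].append((t, seq))
        elif icmp_type == ECHO_REPLY:
            reply_at.setdefault((dst, src, seq), t)
    flagged = {}
    for (src, dst), reqs in requests.items():
        reqs.sort()
        peak, lo = 0, 0
        for hi, (t, _) in enumerate(reqs):  # peak request count in any window
            while t - reqs[lo][0] >= window:
                lo += 1
            peak = max(peak, hi - lo + 1)
        unwaited = 0
        for (_, prev_seq), (t, _) in zip(reqs, reqs[1:]):
            r = reply_at.get((src, dst, prev_seq))
            if r is None or r > t:  # sent before the previous reply came back
                unwaited += 1
        ratio = unwaited / (len(reqs) - 1) if len(reqs) > 1 else 0.0
        if peak > max_rate and ratio >= min_unwaited:
            flagged[(src, dst)] = {"peak_per_window": peak,
                                   "unwaited_ratio": round(ratio, 2)}
    return flagged

if __name__ == "__main__":
    print(detect_echo_floods(build_sample()))
```

Requiring both conditions keeps a normal ping, or a monitoring probe that paces itself on replies, from being flagged on rate alone.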
Towards the end of 2017, the UDP flood remained the most prominent attack at 25%, while DNS reflection took second place at 20%.
An alarming development during Q4 2017, however, suggests that DDoS attackers are becoming more innovative, especially considering new malware and Trojans such as the Ramnit trojan. According to F5, the Ramnit trojan was designed to attack banking institutions but mainly targeted US-based e-commerce sites during Q4 2017.
Other targets include websites in the pornography, travel, dating, entertainment, and food industries.
Wozniak stated that all businesses should ensure that they implement DDoS protection in 2018 if they have not already done so. According to the SOC manager, DDoS protection will become vital for EMEA-based businesses as the EU’s General Data Protection Regulation is implemented in 2018.