TTPwire Vol. 1 · MITRE ATT&CK·Tagged

F5 Labs

2023 DDoS Attack Trends

2023-02-21

ATT&CK techniques detected

26 predictions
T1498 Network Denial of Service
89%
"in mind when reading any analysis of ddos trends and events. bringing a critical frame of mind to any data to determine relevance to your specific situation is key to being able to turn observations into action. any dataset relating to ddos traffic will only show what the collect…"
T1498 Network Denial of Service
88%
"2023 ddos attack trends as we have done for prior ddos attack trends reports, we recently analyzed attack data from the f5 distributed cloud ddos mitigation service to get a look at the ddos traffic they handled for their customers in 2022. we continued our analysis by comparing …"
T1498 Network Denial of Service
86%
"of the application attacks we have in our dataset, the vast majority were dns request floods – 93. 4 % in fact. these certainly can be devastating. dns is a critical piece of infrastructure, and flooding dns servers with queries for non - existent subdomains, can cause a great de…"
T1498 Network Denial of Service
85%
"” ( figure 11 ) this allows us to ask a pertinent question – are some industry sectors subject to more of some types of ddos than others? do attackers use different methods to attack different industries? as a percentage of all attacks targeted at organizations within a given cla…"
T1498 Network Denial of Service
84%
"##s : we must expect application and multi - vector ( most often a combination of application and volumetric ) attacks. is killnet a sign of things to come? a particularly illustrative example of recent trends is provided by killnet. our colleagues in the f5 distributed cloud ser…"
T1498 Network Denial of Service
78%
"should pay special attention to web - based denial of service. while multi - terabit attacks will continue to occur from time to time, the majority of ddos use significantly less bandwidth. however, given the wide range of bandwidths observed, even the most frequently observed ba…"
T1498 Network Denial of Service
74%
"is where, according to our data, attackers are shifting their attention. automated attacks, even when not intentional ddos ( for example, scraper bots, reseller bots ) are not necessarily going to be caught by scrubbing services, and it makes sense to apply defenses against these…"
T1498 Network Denial of Service
69%
"making up for a lack of overall capability. figure 9 multi - vector peak bandwidth, clustering between 10mbps and 1, 000, 000mbits tracking ddos attack types over time another way of visualizing the overall peak bandwidth of each type can be created by taking the monthly rolling …"
T1498.001 Direct Network Flood
69%
"is where, according to our data, attackers are shifting their attention. automated attacks, even when not intentional ddos ( for example, scraper bots, reseller bots ) are not necessarily going to be caught by scrubbing services, and it makes sense to apply defenses against these…"
T1498.001 Direct Network Flood
63%
"a ramp down period in terms of the bandwidth they use. the peak bandwidth is defined here as the maximum observed bandwidth in a single point in time during the attack. it does not indicate how long the total attack lasted, but does give some indication as to the resources the at…"
T1498.001 Direct Network Flood
56%
"2023 ddos attack trends as we have done for prior ddos attack trends reports, we recently analyzed attack data from the f5 distributed cloud ddos mitigation service to get a look at the ddos traffic they handled for their customers in 2022. we continued our analysis by comparing …"
T1498.001 Direct Network Flood
54%
"making up for a lack of overall capability. figure 9 multi - vector peak bandwidth, clustering between 10mbps and 1, 000, 000mbits tracking ddos attack types over time another way of visualizing the overall peak bandwidth of each type can be created by taking the monthly rolling …"
T1498.001 Direct Network Flood
53%
"in mind when reading any analysis of ddos trends and events. bringing a critical frame of mind to any data to determine relevance to your specific situation is key to being able to turn observations into action. any dataset relating to ddos traffic will only show what the collect…"
T1498 Network Denial of Service
51%
"a ramp down period in terms of the bandwidth they use. the peak bandwidth is defined here as the maximum observed bandwidth in a single point in time during the attack. it does not indicate how long the total attack lasted, but does give some indication as to the resources the at…"
T1499 Endpoint Denial of Service
51%
"in mind when reading any analysis of ddos trends and events. bringing a critical frame of mind to any data to determine relevance to your specific situation is key to being able to turn observations into action. any dataset relating to ddos traffic will only show what the collect…"
T1498.001 Direct Network Flood
47%
"##s : we must expect application and multi - vector ( most often a combination of application and volumetric ) attacks. is killnet a sign of things to come? a particularly illustrative example of recent trends is provided by killnet. our colleagues in the f5 distributed cloud ser…"
T1499 Endpoint Denial of Service
47%
"##s : we must expect application and multi - vector ( most often a combination of application and volumetric ) attacks. is killnet a sign of things to come? a particularly illustrative example of recent trends is provided by killnet. our colleagues in the f5 distributed cloud ser…"
T1498.001 Direct Network Flood
42%
"of the application attacks we have in our dataset, the vast majority were dns request floods – 93. 4 % in fact. these certainly can be devastating. dns is a critical piece of infrastructure, and flooding dns servers with queries for non - existent subdomains, can cause a great de…"
T1498 Network Denial of Service
42%
"attacks, since they often overload the compute capacity of network devices, such as routers and firewalls. application application attacks are those that target higher level protocols, the most frequently observed being http get floods, tls renegotiation, and dns queries. we make…"
T1498.001 Direct Network Flood
40%
"” ( figure 11 ) this allows us to ask a pertinent question – are some industry sectors subject to more of some types of ddos than others? do attackers use different methods to attack different industries? as a percentage of all attacks targeted at organizations within a given cla…"
T1498.001 Direct Network Flood
37%
"and 1000 mbps application attacks, as might be expected, fall into an even lower range, where the peak bandwidth rarely rises above 1gpbs. but there are outliers here as well, with some reaching peak bandwidths of 100gpbs ( figure 8 ). these were primarily dns request floods in o…"
T1499 Endpoint Denial of Service
37%
"” ( figure 11 ) this allows us to ask a pertinent question – are some industry sectors subject to more of some types of ddos than others? do attackers use different methods to attack different industries? as a percentage of all attacks targeted at organizations within a given cla…"
T1499 Endpoint Denial of Service
36%
"of the application attacks we have in our dataset, the vast majority were dns request floods – 93. 4 % in fact. these certainly can be devastating. dns is a critical piece of infrastructure, and flooding dns servers with queries for non - existent subdomains, can cause a great de…"
T1499 Endpoint Denial of Service
36%
"2023 ddos attack trends as we have done for prior ddos attack trends reports, we recently analyzed attack data from the f5 distributed cloud ddos mitigation service to get a look at the ddos traffic they handled for their customers in 2022. we continued our analysis by comparing …"
T1498 Network Denial of Service
32%
"and 1000 mbps application attacks, as might be expected, fall into an even lower range, where the peak bandwidth rarely rises above 1gpbs. but there are outliers here as well, with some reaching peak bandwidths of 100gpbs ( figure 8 ). these were primarily dns request floods in o…"
T1498.001 Direct Network Flood
31%
"should pay special attention to web - based denial of service. while multi - terabit attacks will continue to occur from time to time, the majority of ddos use significantly less bandwidth. however, given the wide range of bandwidths observed, even the most frequently observed ba…"

Summary

We analyzed the last three years of DDoS data, and found attackers shifting to more complex approaches, and shifting up the stack.