TTPwire Vol. 1 · MITRE ATT&CK·Tagged

F5 Labs

2024 DDoS Attack Trends

2024-07-16

ATT&CK techniques detected

60 predictions
T1498 Network Denial of Service
89%
"regions a saw significant growth in ddos attacks over 2023 with many attacks directly attributable to geopolitical events throughout the year. in particular, banking, software and computer services, and the telecommunications industries all saw dramatic increases in malicious act…"
T1498 Network Denial of Service
86%
"june, july, and august of 2023 a major online retailer suffered a number of denial - of - service incidents. the july ddos incident peaked at approximately 16, 000 transactions per second ( tps ), and was a simple http get flood targeting the home page of the retailer. two attemp…"
T1498 Network Denial of Service
86%
"2024 ddos attack trends introduction the owasp top 10 has not called out denial of service ( dos ) attacks as a top threat to web applications for over twenty years. published way back in 2004, the second owasp top 10 list awarded the number nine spot ( known as a9 ) to “ applica…"
T1498 Network Denial of Service
85%
"is it due to a well planned marketing campaign, an inability to identify and block automation, or a denial of service using the infamous slowloris attack, or perhaps a newer vector such as http / 2 rapid reset. recommendations ddos attacks are clearly here to stay and while many …"
T1498 Network Denial of Service
83%
"service with insights from security engineers in the security incident response team ( sirt ) and the threat analytics and reporting ( tar ) teams, we have been able to paint a detailed and insightful picture into the current state of dos attacks being used by threat actors all o…"
T1498 Network Denial of Service
83%
"high website ranking attract more ddos attacks? are small organizations ( typically found toward the bottom of the world ’ s 1 million most popular sites ) out of sight and, therefore, out of mind? ( see methodology in the appendix to understand how we rank sites ). these are the…"
T1498 Network Denial of Service
83%
"of 2023 saw law enforcement making significant progress in the battle against ddos - as - a - service providers, the rapid recovery of organized crime and the announcement of new dos attack vectors means that the relative calm was short lived. one step forward : global takedowns …"
T1498 Network Denial of Service
80%
"##3 the global map shown in figure 3 provides a glanceable view of the attacks seen by f5 distributed cloud over the course of 2023. while the number of attacks encountered by each region appears to vary drastically, the frequency of incidents is directly proportional to the numb…"
T1498 Network Denial of Service
77%
"dive in the numbers later in this report. february 2023 was, in particular, a very quiet month. attack frequency was down considerably, as were the size of attacks. the largest attack seen in february measured only 7 gbps. threat actors recovered quickly, however, with march witn…"
T1498 Network Denial of Service
77%
", administration, payroll, and facilities management to other organizations. while the number of incidents focused on this sector remained fairly flat compared with 2022, support services takes a podium finish in 2023. it was the third most attacked sector with 11 % of all incide…"
T1498 Network Denial of Service
76%
"##urate the networks delivering the application to users. back in 2022 we saw a steady increase in application layer attacks ( including http ( s ) floods and dns queries ) and this growth peaked at just under 40 % of all attacks by quarter 1 of 2023. over the remainder of 2023 a…"
T1498 Network Denial of Service
76%
"non - existent domains the dns server is compelled to perform a lookup and then return an nxdomain error. the quantity of requests consumes the resources of the dns server, preventing genuine users from resolving a domain into the ip address their device needs in order to find an…"
T1498 Network Denial of Service
75%
"3 ( which uses udp ) we expect to see this trend grow at an increasing rate over the coming years. note : since many attacks are multi - vector and will attack many apps across different protocols, the values for udp, tcp, and icmp combined will add up to more than the years ’ to…"
T1498 Network Denial of Service
75%
"than others. one unfortunate software & computer services firm withstood a staggering 127 attacks over the course of the year. however, this was far from the most attacked organization. one company stole the unenviable crown for most targeted, suffering a whopping 187 individual …"
T1498 Network Denial of Service
75%
"comparatively quite months for the media industry with respect to ddos attacks. it is therefore interesting that quarters 1 and 4 had relatively high proportions of application layer attacks ( figure 31 ). this implies that the additional in attacks, seen in april through septemb…"
T1498 Network Denial of Service
74%
"vectors ( such as nxdomain attacks as well as dns reflection floods ) yet another exploit was revealed for this much beleaguered protocol. just as with the http / 2 based attacks, this method exploits not a vulnerability, but deliberate mechanisms defined within the rfc 1035 spec…"
T1190 Exploit Public-Facing Application
72%
"2023. we would be remiss, however, to not address the huge rise in ddos activity seen at the start of 2024. as recently covered in the april 2024 edition of the sensor intel series, threat actors have been using new vulnerabilities to build ddos botnets from tp - link and netgear…"
T1498 Network Denial of Service
72%
"servers ( stressors ) and botnets in an attempt to make their voice heard. the software and computer services industry saw the most activity throughout 2023, with telecommunications also suffering persistent attacks. virtually all sectors saw significant growth in attacks in 2023…"
T1498 Network Denial of Service
71%
"to follow common human flows. figure 8 : traffic pattern of a retailer under dos attack caused by web scraping bots by removing the ddos traffic we can see that while this one incident dwarfed all other traffic observed during this timeframe. positively identified malicious autom…"
T1498 Network Denial of Service
70%
"not attribute the wrong motivations to attacks. it is more likely for a business to be attacked due to it ’ s business activity or political affiliations, rather than the country in which it operates. with all of those caveats out of the way, let ’ s dig in to the details to see …"
T1498.001 Direct Network Flood
69%
"regions a saw significant growth in ddos attacks over 2023 with many attacks directly attributable to geopolitical events throughout the year. in particular, banking, software and computer services, and the telecommunications industries all saw dramatic increases in malicious act…"
T1498 Network Denial of Service
69%
"seeing more tcp syn floods that anything else. - software and computer services was the most attacked industry in 2023 comprising 36 % of all attacks. telecommunications took second place, followed up support services, bfsi, and media. - telecoms saw the biggest jump in the numbe…"
T1499 Endpoint Denial of Service
65%
"june, july, and august of 2023 a major online retailer suffered a number of denial - of - service incidents. the july ddos incident peaked at approximately 16, 000 transactions per second ( tps ), and was a simple http get flood targeting the home page of the retailer. two attemp…"
T1498.001 Direct Network Flood
63%
"service with insights from security engineers in the security incident response team ( sirt ) and the threat analytics and reporting ( tar ) teams, we have been able to paint a detailed and insightful picture into the current state of dos attacks being used by threat actors all o…"
T1498 Network Denial of Service
63%
"more detailed breakdown of most attacked layers using the mitre att & ck framework for additional detail. the increase in volumetric attacks ( reflection attacks, to be specific ) in q4 of 2023 doesn ’ t detract from the fact that the vast majority of attempted ddos attacks focus…"
T1498.001 Direct Network Flood
60%
"comparatively quite months for the media industry with respect to ddos attacks. it is therefore interesting that quarters 1 and 4 had relatively high proportions of application layer attacks ( figure 31 ). this implies that the additional in attacks, seen in april through septemb…"
T1498 Network Denial of Service
60%
"##99. 002 ( service exhaustion flood attacks ). figure 10 : mitre att & ck categorization for attacks throughout 2023 having considered attack frequency, attack size, and attack layer, what if we combine all three metrics? it is not until peeling back the layers, so to speak, tha…"
T1498.001 Direct Network Flood
59%
"seeing more tcp syn floods that anything else. - software and computer services was the most attacked industry in 2023 comprising 36 % of all attacks. telecommunications took second place, followed up support services, bfsi, and media. - telecoms saw the biggest jump in the numbe…"
T1498.001 Direct Network Flood
58%
"to follow common human flows. figure 8 : traffic pattern of a retailer under dos attack caused by web scraping bots by removing the ddos traffic we can see that while this one incident dwarfed all other traffic observed during this timeframe. positively identified malicious autom…"
T1498.001 Direct Network Flood
58%
"2024 ddos attack trends introduction the owasp top 10 has not called out denial of service ( dos ) attacks as a top threat to web applications for over twenty years. published way back in 2004, the second owasp top 10 list awarded the number nine spot ( known as a9 ) to “ applica…"
T1498.001 Direct Network Flood
56%
"june, july, and august of 2023 a major online retailer suffered a number of denial - of - service incidents. the july ddos incident peaked at approximately 16, 000 transactions per second ( tps ), and was a simple http get flood targeting the home page of the retailer. two attemp…"
T1498 Network Denial of Service
56%
"report, dns nxdomain attacks are the preferred attack vector for most threat actors. if you operate your own dns servers which are responsible for resolving the domain names of your public facing sites, it is highly recommend to deploy a dns firewall. a mature dns security soluti…"
T1499 Endpoint Denial of Service
53%
"than others. one unfortunate software & computer services firm withstood a staggering 127 attacks over the course of the year. however, this was far from the most attacked organization. one company stole the unenviable crown for most targeted, suffering a whopping 187 individual …"
T1498.001 Direct Network Flood
52%
", administration, payroll, and facilities management to other organizations. while the number of incidents focused on this sector remained fairly flat compared with 2022, support services takes a podium finish in 2023. it was the third most attacked sector with 11 % of all incide…"
T1499 Endpoint Denial of Service
52%
"2024 ddos attack trends introduction the owasp top 10 has not called out denial of service ( dos ) attacks as a top threat to web applications for over twenty years. published way back in 2004, the second owasp top 10 list awarded the number nine spot ( known as a9 ) to “ applica…"
T1499 Endpoint Denial of Service
52%
"##urate the networks delivering the application to users. back in 2022 we saw a steady increase in application layer attacks ( including http ( s ) floods and dns queries ) and this growth peaked at just under 40 % of all attacks by quarter 1 of 2023. over the remainder of 2023 a…"
T1499 Endpoint Denial of Service
51%
"is it due to a well planned marketing campaign, an inability to identify and block automation, or a denial of service using the infamous slowloris attack, or perhaps a newer vector such as http / 2 rapid reset. recommendations ddos attacks are clearly here to stay and while many …"
T1498 Network Denial of Service
48%
"cert coordination center details vulnerability note vu # 421644 and it is this article that should be used to look for cves against specific http / 2 implementations. 4 loop dos attackers making use of udp floods often benefit from the ability to spoof the source ip address which…"
T1498.001 Direct Network Flood
48%
"##3 the global map shown in figure 3 provides a glanceable view of the attacks seen by f5 distributed cloud over the course of 2023. while the number of attacks encountered by each region appears to vary drastically, the frequency of incidents is directly proportional to the numb…"
T1498.001 Direct Network Flood
47%
"than others. one unfortunate software & computer services firm withstood a staggering 127 attacks over the course of the year. however, this was far from the most attacked organization. one company stole the unenviable crown for most targeted, suffering a whopping 187 individual …"
T1499 Endpoint Denial of Service
47%
"service with insights from security engineers in the security incident response team ( sirt ) and the threat analytics and reporting ( tar ) teams, we have been able to paint a detailed and insightful picture into the current state of dos attacks being used by threat actors all o…"
T1498.001 Direct Network Flood
46%
"cert coordination center details vulnerability note vu # 421644 and it is this article that should be used to look for cves against specific http / 2 implementations. 4 loop dos attackers making use of udp floods often benefit from the ability to spoof the source ip address which…"
T1498.001 Direct Network Flood
44%
"vectors ( such as nxdomain attacks as well as dns reflection floods ) yet another exploit was revealed for this much beleaguered protocol. just as with the http / 2 based attacks, this method exploits not a vulnerability, but deliberate mechanisms defined within the rfc 1035 spec…"
T1498.001 Direct Network Flood
42%
"dive in the numbers later in this report. february 2023 was, in particular, a very quiet month. attack frequency was down considerably, as were the size of attacks. the largest attack seen in february measured only 7 gbps. threat actors recovered quickly, however, with march witn…"
T1499 Endpoint Denial of Service
42%
"regions a saw significant growth in ddos attacks over 2023 with many attacks directly attributable to geopolitical events throughout the year. in particular, banking, software and computer services, and the telecommunications industries all saw dramatic increases in malicious act…"
T1498.001 Direct Network Flood
41%
"is it due to a well planned marketing campaign, an inability to identify and block automation, or a denial of service using the infamous slowloris attack, or perhaps a newer vector such as http / 2 rapid reset. recommendations ddos attacks are clearly here to stay and while many …"
T1499 Endpoint Denial of Service
40%
"##99. 002 ( service exhaustion flood attacks ). figure 10 : mitre att & ck categorization for attacks throughout 2023 having considered attack frequency, attack size, and attack layer, what if we combine all three metrics? it is not until peeling back the layers, so to speak, tha…"
T1557.001 Name Resolution Poisoning and SMB Relay
39%
", ranging from 50mbps to 200mbps. application focused attacks rarely result in large amounts of network bandwidth. while 50 - 200mbps attacks sound trivial in nature, the complexity of mitigating these application focused attacks is anything but. by vector digging down one more l…"
T1498.001 Direct Network Flood
39%
"servers ( stressors ) and botnets in an attempt to make their voice heard. the software and computer services industry saw the most activity throughout 2023, with telecommunications also suffering persistent attacks. virtually all sectors saw significant growth in attacks in 2023…"
T1499 Endpoint Denial of Service
37%
"to follow common human flows. figure 8 : traffic pattern of a retailer under dos attack caused by web scraping bots by removing the ddos traffic we can see that while this one incident dwarfed all other traffic observed during this timeframe. positively identified malicious autom…"
T1499 Endpoint Denial of Service
37%
"of 2023 saw law enforcement making significant progress in the battle against ddos - as - a - service providers, the rapid recovery of organized crime and the announcement of new dos attack vectors means that the relative calm was short lived. one step forward : global takedowns …"
T1498 Network Denial of Service
37%
"drop in the number of incidents targeting them. those industries with the most incidents are not always the same ones defending from the largest of attacks. figure 14 shows that the support services industry withstood the largest attack of 2023, weighing in at 1tbps. the support …"
T1499 Endpoint Denial of Service
36%
"##3 the global map shown in figure 3 provides a glanceable view of the attacks seen by f5 distributed cloud over the course of 2023. while the number of attacks encountered by each region appears to vary drastically, the frequency of incidents is directly proportional to the numb…"
T1498 Network Denial of Service
36%
"peak bandwidth. the mean peak - bandwidth saw a dramatic rise from 50 mbps in january to 5 gbps by december. the largest attack occurred in june, measuring just under 500 gbps ( see figure 35 ). the software and computer services industry was the most frequently targeted, mirrori…"
T1499 Endpoint Denial of Service
35%
"high website ranking attract more ddos attacks? are small organizations ( typically found toward the bottom of the world ’ s 1 million most popular sites ) out of sight and, therefore, out of mind? ( see methodology in the appendix to understand how we rank sites ). these are the…"
T1498.001 Direct Network Flood
34%
"##urate the networks delivering the application to users. back in 2022 we saw a steady increase in application layer attacks ( including http ( s ) floods and dns queries ) and this growth peaked at just under 40 % of all attacks by quarter 1 of 2023. over the remainder of 2023 a…"
T1498.001 Direct Network Flood
33%
"more detailed breakdown of most attacked layers using the mitre att & ck framework for additional detail. the increase in volumetric attacks ( reflection attacks, to be specific ) in q4 of 2023 doesn ’ t detract from the fact that the vast majority of attempted ddos attacks focus…"
T1498.001 Direct Network Flood
31%
"of 2023 saw law enforcement making significant progress in the battle against ddos - as - a - service providers, the rapid recovery of organized crime and the announcement of new dos attack vectors means that the relative calm was short lived. one step forward : global takedowns …"
T1498.001 Direct Network Flood
31%
"##99. 002 ( service exhaustion flood attacks ). figure 10 : mitre att & ck categorization for attacks throughout 2023 having considered attack frequency, attack size, and attack layer, what if we combine all three metrics? it is not until peeling back the layers, so to speak, tha…"
T1071.004 DNS
30%
", ranging from 50mbps to 200mbps. application focused attacks rarely result in large amounts of network bandwidth. while 50 - 200mbps attacks sound trivial in nature, the complexity of mitigating these application focused attacks is anything but. by vector digging down one more l…"

Summary

Unveiling the rise of Hacktivism in a tense global climate.