Largest DDoS-for-hire Websites Responsible for 11 Percent of Attacks Worldwide, According to Nexusguard Threat Report

The FBI’s shutdown of the world’s 15 largest DDoS-for-hire “booter” websites in December resulted in 85 percent decrease in average attack sizes, year-over year


SAN FRANCISCO, UNITED STATES - Media OutReach - 25 March 2019 - The Nexusguard "Q4 2018 Threat Report"
revealed that the FBI's shutdown of the 15 largest distributed
denial-of-service (DDoS) for hire vendors ("booters") reduced the overall
number of attacks worldwide by nearly 11 percent compared to the same period
last year. Along with the fewer total attacks, the average size decreased by 85
percent as did the maximum attack size by 24 percent, indicating the FBI
crackdown was effective in reducing the global impact of DDoS attacks. However,
the managed DDoS mitigation service provider believes that booter websites are
poised to make a comeback despite the crackdown due to growing botnets and
incessant demand for DDoS-for-hire services.

The quarterly report, which measures thousands
of DDoS attacks around the world, showed that DDoS-for-hire websites represent
the legal loopholes from website and network ownership, as well as IoT devices
and rapidly changing infrastructure that allows hackers to exploit
vulnerabilities before owners or manufacturers can thwart them. These booters
were alleged to have been responsible for generating more than 200,000 DDoS
attacks since 2014. Despite the effective crackdown by federal law enforcement
on these sites in December 2018, Nexusguard researchers warns that
organizations should remain vigilant as other booter services may rise to take
their place and attack volume will revive.

"Seizing command-and-control servers, booters
and other resources has been a big part of the FBI's fight against cybercrime,
but this shutdown only scratches the surface of a global problem," said Juniman
Kasman, chief technology officer for Nexusguard. "While booters are visible
targets, businesses must also manage the vulnerabilities that stem from
unpatched hardware and software, human error and new attack methods, especially
as the footprint of IoT expands."

More than 90 percent of DDoS attacks rated
smaller than one Gbps in size. "Bit-and-piece" attacks continued from last
quarter into Q4, employed in many campaigns regardless of the vector utilized.
Bit-and-piece attacks beat detection thresholds in that the targeted IP address
receives only a small number of responses in each organized campaign, leaving
little or no trace. Black-holing all traffic to an entire IP prefix is a costly
approach, due to the tactic blocking access to various legitimate services.

Other report findings show:

  • HTTPS attacks ranked third highest
    in attack popularity, compared to user datagram protocol (UDP) and simple
    service discovery protocol (SSDP) attacks. An unusual pattern of frequently
    repeated HTTPS attacks was observed against one customer, occurring nearly
    every day in December and up to 13 times in one day, demonstrating the
    attacker's commitment to disrupting the target's network for all of December,
    the busiest time of year for retail and entertainment businesses
  • Attack durations increased more
    than 175 percent to more than 450 minutes on average compared to last year.
    Attacks in the quarter were routinely targeted to occur during peak service
    hours for maximum disruption.
  • China held its lead as source of
    DDoS attacks, with 23 percent of attacks originating in the country and 18
    percent originating in the United States.

Nexusguard's quarterly DDoS threat research
measures attack data from botnet scanning, honeypots, communications service
providers (CSPs) and traffic moving between attackers and their targets to help
companies identify vulnerabilities and stay informed about global cyber
security trends. Read the full "Q4 2018 Threat Report"
for more details.


About Nexusguard

Founded in 2008, Nexusguard is a leading
cloud-based distributed denial of service (DDoS) security solution provider
fighting malicious internet attacks. Nexusguard ensures uninterrupted internet
service, visibility, optimization and performance. Nexusguard is focused on
developing and providing the best cybersecurity solution for every client
across a range of industries with specific business and technical requirements.
Nexusguard also enables communication service providers to deliver DDoS
protection solution as a service. Nexusguard delivers on its promise to provide
you with peace of mind by countering threats and ensuring maximum uptime. Visit
for more information.

To Top