Bit-and-piece DDOS attacks skyrocket in 2021

Small, bit-and-piece distributed denial of service (DDOS) attacks soared by 233% in the first half of this year.

This was one of the findings of Nexusguard researchers’ Threat Report FHY 2021.

Bit-and-piece attacks are designed to evade detection by targeting ASN-level CSP networks via dispersing small pieces of junk traffic across a wide range of IP addresses and across hundreds of IP prefixes.

According to Nexusguard, as the pandemic continued into 2021, attackers played around with novel attack patterns to bypass signature-based detection methods. In the first half of the year, over 99% of all DDOS attacks were smaller than 10Gbps, as the company had predicted the year before.

“These small, nimble attacks can cripple CSPs and ISPs as they leave detection to threshold or signature-based methods alone," Nexusguard said, adding that threat actors will carry on diversifying their approaches with these types of attacks to bring down target networks and infrastructures.

Over 95% of attacks were smaller than 1Gbps, the researchers said. Instead of committing large bandwidth attacks against their victims, malefactors launched attacks that employed high packet-rate loads of small-sized traffic from freely available and relatively cheap DDOS-for-hire services, with the aim of evading DDOS mitigation detection systems.

Attackers played around with novel attack patterns to bypass signature-based detection methods.

Nexusguard

Juniman Kasman, CTO of Nexusguard, said the level of intricacies behind CSP networks means they generally enable all types of traffic to pass through, which allows smaller or spoofed types of attacks to happen undetected.

“Behavioral detection and mitigation approaches are strongly recommended for targeted networks since they can compare peacetime with battles and take a wider range of factors into consideration than anomalous thresholds or attack signatures,” he said.

Moroever, traffic spoofing and UDP-style attacks were popular in the first half of 2021, with Nexusguard noting a 84% increase in these attacks compared to the previous six months.

A UDP attack is a type of DOS attack in which a large number of user datagram protocol packets are sent to a targeted server with the intention of flooding it, and overwhelming its ability to process and respond.

Nexusguard noted several types of UDP attacks in use, one of which could cause what it theorised in recent research are “Black Storm” attacks. These, unlike DDOS amplification attacks that rely on DNS servers or other similar open services to interrupt connectivity, can leverage any device connected to the Internet.

Researchers warned that the volume from one Black Storm attack could terminate medium to large-sized enterprises in a clean sweep and severely cripple a large-scale CSP network.