Data from the Lumen Technologies Q3 DDoS Report, released recently reveals that three fundamental metrics – quantity, size and complexity of DDoS attacks – all increased in the third quarter of 2021.
To compile these findings, the security team at Lumen analyzed intelligence from Black Lotus Labs – the company's threat research arm – and attack trends from the Lumen DDoS Mitigation Service platform, which integrates countermeasures directly into the company's extensive and deeply peered global network.
Lumen claims that it mitigated 35% more attacks in Q3 than in Q2.The largest bandwidth attack scrubbed in Q3 was 612 Gbps – a 49% increase over Q2 – and the largest packet rate-based attack scrubbed was 252 Mpps – a 91% increase.The longest DDoS attack period Lumen mitigated for an individual customer lasted 14 days. For the first time, 28% of multi-vector mitigations involved a complex combination of four different attack types, including DNS amplification, TCP RST, TCP SYN-ACK amplification and UDP amplification.
Like Q2, the top two verticals targeted in the 500 largest attacks in Q3 were Telecom and Software/Technology; the Retail vertical, which did not make the top 3 in Q2, was the third most attacked industry in Q3.
IoT DDoS Botnets
Although Lumen observed a 26% decrease in unique C2s for Gafgyt and Mirai – two predominant IoT botnet families it continually monitors – the company observed more than 217,000 DDoS botnet hosts globally. This represents a 45% increase over Q2 and the most seen all year.Lumen tracked more than 2,100 C2s globally. The countries with the most C2s were (in order): China, United States and, tied for third, Taiwan and the Netherlands.
Mark Dehus, Lumen director of information security and threat intelligence
DDoS attacks are rampant, and the frequency doesn't seem to be slowing down. If anything, attacks are evolving to use more complex methods, and are being aimed at services such as voice that have not typically been targets in recent years.
