Booters, Stressers and DDoSers

The Nexusguard “Q4 2018 Threat Report” revealed that the FBI’s shutdown of the 15 largest
distributed denial-of-service (DDoS) for hire vendors (“booters”) reduced the overall number
of attacks worldwide by nearly 11% compared to the same period last year.

Along with the fewer total attacks, the average size decreased by 85% as did the maximum
attack size by 24%, indicating the FBI crackdown was effective in reducing the global impact
of DDoS attacks. However, the managed DDoS mitigation service provider believes that
booter websites are poised to make a comeback despite the crackdown due to growing
botnets and incessant demand for DDoS-for-hire services.

The quarterly report, which measures thousands of DDoS attacks around the world, showed
that DDoS-for-hire websites represent the legal loopholes from website and network
ownership, as well as IoT devices and rapidly changing infrastructure that allows hackers to
exploit vulnerabilities before owners or manufacturers can thwart them. These booters were
alleged to have been responsible for generating more than 200,000 DDoS attacks since
2014. Despite the effective crackdown by federal law enforcement on these sites in
December2018, Nexusguard researchers warns that organizations should remain vigilant as
other booter services may rise to take their place and attack volume will revive.

More than 90% of DDoS attacks rated smaller than one Gbps in size. “Bit-and-piece” attacks
continued from last quarter into Q4, employed in many campaigns regardless of the vector
utilized. Bit-and-piece attacks beat detection thresholds in that the targeted IP address
receives only a small number of responses in each organized campaign, leaving little or no
trace. Black-holing all traffic to an entire IP prefix is a costly approach, due to the tactic
blocking access to various legitimate services.

Other report findings show:

HTTPS attacks ranked third highest in attack popularity, compared to user datagram protocol
(UDP) and simple service discovery protocol (SSDP) attacks. An unusual pattern of
frequently repeated HTTPS attacks was observed against one customer, occurring nearly
every day in December and up to 13 times in one day, demonstrating the attacker’s
commitment to disrupting the target’s network for all of December, the busiest time of year for
retail and entertainment businesses
Attack durations increased more than 175% to more than 450 minutes on average compared
to last year. ip stresser Attacks in the quarter were routinely targeted to occur during peak
service hours for maximum disruption.
China held its lead as source of DDoS attacks, with 23% of attacks originating in the country
and 18 percent originating in the United States.
Nexusguard’s quarterly DDoS threat research measures attack data from botnet scanning,
honeypots, communications service providers (CSPs) and traffic moving between attackers
and their targets to help companies identify vulnerabilities and stay informed about global
cyber security trends. Read the full “Q4 2018 Threat Report” for more details.