DDoS attacks officially enter the Tb era Tencent Cloud relea

  ddos防御     |      2023-04-17 11:09

Based on long-term service experience and diversified business ecosystem, Tencent Cloud has further consolidated its dominant position in the pan-Internet industry. Among them, in games, e-commerce,videoCloud traffic and information social TOP customers rank first in market share. At the same time of rapid development, business threats are also rising. The report makes a comprehensive analysis of Tencent's DDoS attacks in the pan-Internet industry in 2018 from the aspects of peak size, growth trend, attack tactics, attack sources and industry distribution, and gives suggestions for pan-Internet enterprises in protection dilemma.

DDoSAttack peak enters Tb Era

The report shows that the peak of DDoS attacks in 2018 has entered the Tb era. According to Tencent cloud monitoring data, last year's peak attack was 1.23 Tbps (up 121% year-on-year), and the industry's peak attack reached an astonishing 1.94 Tbps.

Such a large amount of attack traffic only needs very low cost, which can be called "cabbage price". Take the attack of 10Gbps for example, which can be caused by the price of a pack of melon seeds.The serverOffline, affect the normal network communication. Even attacks that can cause network congestion in small and medium-sized cities over 300 Gbps cost only 10,000 yuan a day.

Of course, low costs do not mean low returns. In order to attack competitors maliciously, some enterprises will employ black gangs to launch DDoS attacks on competitors'websites. Black gangs make huge profits and make more than 10,000 yuan a day. If the gangs use DDoS attacks as a means of extortion, the victims will have to pay more than 100,000 yuan, which is a huge expense for any enterprise.

Intelligent trend of black production is obvious

According to the Report, DDoS attacks are characterized by intelligence, platform and industrialization. In the past, if an attacker wants to launch an attack, he needs to have certain hacker skills and be familiar with some broilers, guarantors and other "middlemen". With the emergence of intelligent attack platform, the attacker does not need profound professional knowledge, and can launch an attack of three to five minutes with a click of the mouse, and nearly 70% of such attacks have become the "culprit" that troubles enterprises. "

The number of attacks also shows a high-speed growth trend. Last year, the number of attacks on DoS by enterprises increased by 27% year on year. The total length of attacks exceeded 300 million seconds, equivalent to 11 years. Among them, the most attacks occurred in April and in January and August. By tracing the source of the attacks, we found that more than 70% of these targets are located in China.

Holidays are also the main time points for DDoS attacks. According to statistics, the peak attacks on New Year's Eve, Dragon Boat Festival, National Day and other important holidays and rest days are far higher than usual; and on New Year's Day, Qingming Festival and Mid-Autumn Festival, the number of attacks has increased several times as usual. While celebrating the festival, the majority of enterprises must not take DDoS attacks lightly.

New attack techniques emerge in endlessly

In January this year, a new type of Memcached reflection amplification attack broke out, with 1.7 Tbps of super high traffic. Subsequently, new attack methods, such as IPMI reflection, TCP reflection and RPCBind reflection, appeared one after another and gradually became active, while DNS reflection has frequently appeared in super-large traffic attacks since July.

The report shows that the traditional SSDP reflection still occupies the first place in the number of reflectors, reaching 697,000. DNS reflex, SNMP reflex, NTP reflex and other reflex attack techniques "shine brilliantly", the proportion of reflex attack methods increased. It is worth mentioning that because of its magnification effect up to 50,000 times, hackers not only use open servers on the Internet, but also build Memcached services on their intruded servers to launch attacks. Memcached reflex amplification attack has become the "MVP" in the eyes of black mothers for 18 years.

In addition, in terms of attack sources, IP is mainly distributed in the eastern coastal provinces, with Jiangsu, Zhejiang and Guangdong ranking the top three.

The game industry has been hit hard