IT Brief Australia logo
Technology news for Australia's largest enterprises
Story image

DDoS attacks become more severe, 'carpet bombing' poses major challenge

By Catherine Knowles
Thu 11 Nov 2021

DDoS attacks are a more serious threat in Q3 2021 than ever before. The flood of attacks is constant and the incidents prove to be bandwidth-intensive and complex, with operators of digital infrastructures particularly targeted.

This is according to new data from from Link11's network on the development of the DDoS threat.

According to Link11, after Q2 2021 had already shown an increase of 19% compared to the same period of the previous year, the number of attacks rose by another 17% in Q3.

In addition to the worsening of the threat situation in terms of the number of attacks, the increase in attack bandwidths and the rising complexity in attack techniques are also noticeable.

Link11's Security Operation Centre (LSOC) registered an increasing number of high-volume attacks. In 130 attacks, the maximum attack bandwidth exceeded 50 Gbps.

In addition, the maximum bandwidth more than doubled, by 159 %, compared to the same period last year. The largest attack was stopped at 633 Gbps.

Furthermore, the attacks on the same customer added up to 2.5 Tbps within 120 minutes.

While single attack methods are declining, multi-vector attacks are becoming the norm in the DDoS threat landscape, Link11 finds.

The proportion of multi-vector attacks targeting multiple protocols and vulnerabilities, and thus different layers, increased significantly from 62% in Q2 2021 to 78% in Q3 2021, according to the data.

This development poses major challenges to many protection concepts that only focus on one layer or specific attack vectors and pushes them to their limits, the analysts state.

Key figures from the Link11 network on the DDoS threat situation in Q3 2021 include the following:

  • The number of attacks continued to increase, with a 17% increase in the number of attacks compared to Q3 2020.
  • The increase in the number of attacks amounted to more 1,000%, if 'carpet bombing' attacks are no longer counted as a whole, but as thousands of individual attacks.
  • The attack bandwidths remained very high, with the largest attack stopped at 633 Gbps. In addition, there were more than 100 attacks with more than 50 Gbps peak bandwidth.
  • The figures also reveal an increasing complexity of attack patterns, with 78% of attacks multi-vector attacks combining several techniques.
  • Misused cloud servers were used as DDoS weapons. In every third DDoS attack (33%), the attackers relied on cloud instances.

As mentioned above 'carpet bombing' attacks are evolving into a major challenge for hosting and cloud providers, ISPs and carriers, Link11 finds.

These attacks are technically complex. The data traffic per IP address is so low that many protection solutions do not recognise them as an anomaly, meaning attacks often fly under the radar.

In addition, the attacker does not direct the DDoS traffic to a specific system or server. Not only one IP address is attacked, but an entire network block with several hundred or thousand addresses. According to LSOC's assessment, this form of attack has reached a new level of quality.

Link11 finds that for an inadequately protected hosting provider whose core business is operating servers, it is almost impossible to mitigate such 'carpet bombing'.

Link11 managing director Marc Wilczek says, "Although carpet bombing attacks seem to primarily target hosting and cloud providers, ISPs and carriers, their potential impact should not be underestimated.

"Attackers are intentionally targeting operators of basic digital infrastructures. When these infrastructures go offline, the connected business and working infrastructures of their customers go offline along with them.

"Therefore, there is no reason to give the all-clear. As the phenomenon becomes more prevalent, it is rather a matter of time before other sectors of the economy are confronted with it as well."

Related stories
Top stories
Story image
Tech job moves
Tech job moves - Bitdefender, Cohesity, Fortinet & MODIFI
We round up all job appointments from June 27-30, 2022, in one place to keep you updated with the latest from across the tech industries.
Story image
Australian consumers loyal to retailers who deliver speed and visibility
SOTI finds extensive order visibility and speed are the most important factors for turning one-off customers into loyal, long-term buyers.
Story image
Ivanti puts spotlight on power of employee digital experiences
The report revealed that 49% of employees are frustrated by the tech and tools their organisation provides and 64% believe this impacts morale.
Story image
Artificial Intelligence
Juniper study reveals top AI trends in APAC region
Juniper's research shows an increase in enterprise artificial intelligence adoption over the last 12 months is yielding tangible benefits to organisations.
Story image
Zero trust security adoption rises 27% in just two years
A survey of WAN managers has revealed that multi-factor authentication and single sign-on are the top zero trust features implemented.
Story image
Zscaler launches co-located data centres in Canberra and Auckland
The investment will offer public and private sector enterprises greater resilience in support of their zero trust cybersecurity posture.
Story image
Stock security features inadequate in face of rising risk
"Organisations must proactively find ways of identifying unseen vulnerabilities and should take a diligent, holistic approach to cybersecurity."
Story image
Vertiv releases updates on ESG initiatives, sets sights on future
Vertiv has released its inaugural environmental, social and governance (ESG) report, the company’s first public report of its ESG activities.
Story image
Oracle Cloud Infrastructure expands distributed cloud services
“Distributed cloud is the next evolution of cloud computing, and provides customers with more flexibility and control in how they deploy cloud resources."
Story image
Hybrid Cloud
HPE GreenLake advances hybrid cloud experience with new services
"The innovations unveiled today further build on our vision to provide the market with an unmatched platform to spur innovation and drive transformation.”
Story image
How Airwallex helps businesses achieve globalisation success
As markets continue to shift, businesses need to be able to provide the same quality of service for customers regardless of where they are located around the world.
Story image
Digital Transformation
Google Cloud launches new Digital Accelerator bundles for Aussie SMBs
The new bundles are designed to help Australian small and medium-sized businesses embrace digital transformation and take their businesses online.
Discover the 5 ways your ERP may be letting you down. Is your current system outdated, difficult to manage, and costing you a fortune?
Link image
Story image
Monitors are an excellent incentive for getting employees back
The pandemic has taught us that hybrid working is a lot easier than we would’ve thought, so how can the office be made to feel as comfortable as home? The answer could be staring you in the face right now.
Story image
Hybrid workforce
How organisations can prepare for a post-pandemic workforce
The so-called 'new normal' office looks different to how it did pre-pandemic, and organisations need to take steps to better manage their post-pandemic workforce. 
Story image
The best ways to attract young talent during labour shortages
New research from Citrix reveals hybrid working and ventures into the metaverse are top of mind for Gen Z workers.
Story image
Microsoft names A/NZ Partner of the Year award winners
The awards recognise partners across the globe for their innovative use of Microsoft technologies to help customers succeed.
Story image
Four factors to consider when choosing the right job accounting solution
Progressive job-based businesses can achieve success by strengthening their ability to quantify every cost attributable to the delivery of an outcome for a customer.
Story image
Internet of Things
ManageEngine wins big in IDC MarketScape assessment
ManageEngine's Endpoint Central service has been recognised as a leader by IDC MarketScape in several categories including Internet of Things device deployments and UEM software for SMEs.
Project management
Discover the 4 crucial factors for choosing the right job-costing solution. Is your team struggling to cost jobs and keep projects running on budget?
Link image
Story image
New study reveals 51% of employees using unauthorised apps
The research shows that 92% of employees and managers in large enterprises want full control over applications, but they don't have it.
Story image
New VMware offerings improve cloud infrastructure management
VMware has unveiled VMware vSphere+ and VMware vSAN+ to help organisations bring benefits of the cloud to existing on-prem infrastructure.
Supply chain
Discover the 4 critical priorities for wholesale distribution businesses in FY23. Are you worried about how supply chain issues may affect your business in 2023?
Link image
Story image
Hybrid workforce
Why hybrid working is here to stay and how to ace it
Citrix's new report reveals hybrid workers are more productive and engaged at work than their office and completely remote counterparts.
Story image
Online shopping
Consumers want speed, visibility in return for brand loyalty
72% of Australian shoppers want complete online order visibility and 63% are loyal to retailers who deliver goods the fastest.
Story image
Industry-first comprehensive risk-based API security enhances protection
Application Programming Interfaces (APIs) have become a crucial part of operating web and mobile application businesses and are causing significant economic growth in the digital sector.
Story image
Cloud Security
Palo Alto Networks bolsters cloud native security offerings
Latest Prisma Cloud platform updates help organisations continuously monitor and secure web applications with maximum flexibility.
Story image
Identity and Access Management
Ping Identity named a Leader in Access Management
Ping Identity has been named a leader in the 2022 KuppingerCole Leadership Compass report for Access Management. 
Story image
Four things wholesale distributors need to consider for FY2023
In a post-pandemic world, there are many things for a distribution business to juggle. ERP solutions company Wiise narrows down what companies should focus on.
Story image
ASI Solutions named finalist of Microsoft Surface Partner of the Year
"ASI Solutions has a strong Microsoft focus, building value by helping customers maximise investment in modern workplace solutions."
Story image
Data Protection
Five signs your business is ready to move to the cloud
Many organisations are thinking about moving to the cloud. But what are the signs you are ready, and what are the reasons to move?
Story image
Video: 10 Minute IT Jams - An update from CyberArk
Olly Stimpson joins us today to discuss the importance of MSP programmes and how MSP partners are experiencing success with CyberArk.
Story image
Hybrid Cloud
Advent One acquires Layer 8 Networks, complements hybrid cloud offering
The acquisition comes at a time of surging demand in hybrid cloud, network virtualisation and network security.
Story image
Forescout reveals top vulnerabilities impacting OT vendors
Forescout’s Vedere Labs has disclosed OT: ICEFALL, naming 56 vulnerabilities affecting devices from 10 operational technology vendors.
Story image
Artificial Intelligence
Accenture shares the benefits of supply chain visibility
It's clear that gaining better visibility into the supply chain will help organisations avoid excess costs, inefficiencies, and complexity to ultimately improve their bottom line.
Story image
Enterprise Resource Planning / ERP
Five ways your ERP is letting you down and why its time for a change
Wiise explains while moving to a new system may seem daunting, the truth is that legacy systems could be holding your business back.
Story image
Mergers and Acquisitions
SAS acquires Kamakura to propel risk technology innovation
Underscoring SAS growth in the domain-specific solutions space, the acquisition will enable SAS to greatly enhance the breadth of its risk solutions portfolio. 
Digital Transformation
Discover the 5 signs your business is ready for a cloud-based ERP. Is your business being left behind as more of your competitors switch to the cloud?
Link image
Story image
Sutton Tools deploys Infor M3 CloudSuite for manufacturing
Sutton Tools has also implemented the Infor OS cloud operating platform, including Infor Intelligent Open Network and Mongoose.
Story image
Robotic Process Automation / RPA
Salesforce announces latest generation of MuleSoft
Salesforce has introduced the next generation of MuleSoft, a unified solution for automation, integration and APIs to automate any workflow.
Story image
State Library of Victoria
State Library of Victoria entrusts Oracle support and security to Rimini Street
“Our finance team are very happy with the support and security that Rimini Street provides, which keeps our assets and our customers secure."
Story image
Macquarie Data Centres
Macquarie deal to pioneer CO2-cutting data centre tech in Australia
Macquarie Data Centres has signed a multi-year deal with ResetData, an Australian first provider using Submer data centre technology. 
Story image
How the metaverse will change the future of the supply chain
The metaverse is set to significantly change the way we live and work, so what problems can it solve in supply chain management?
Story image
How New South Wales state departments achieved cloud migration success
State departments in New South Wales are heading to the cloud to achieve better workflow solutions, and one company is paving the way for their success.