The new report offers in-depth insights into the current DDoS threat situation in Central Europe. Among the key findings from the report:
The distribution of DDoS attacks fluctuated over the 2nd and 3rd quarters. The busiest day for DDoS attacks was the 16th of July, which saw 717 attacks. At the calmer end, the LSOC encountered only 30 attacks on the 15th of May. DDoS attackers were particularly active on weekends. Every 3rd attack started on a Saturday (17.1%) or Sunday (15.5%).
Like the number of attacks, the total attack duration has increased. From 1,353 hours in the 1st quarter, the total rose to 2,003 hours in the 2nd quarter and reached a record 5,021 hours in the 3rd quarter. At 371.0%, the total duration from the 1st to the 3rd quarter grew more strongly than the attack rate of 234.1%.
The bandwidth record for both quarters was 83.1 Gbps. In the 11 additional major attacks, the volume was between 40 and 80 Gbps. The average attack power increased from 1.5 Gbps in Q2 to 1.9 Gbps in Q3 2017. This is more than enough to cripple the internet connection of most organizations without appropriate DDoS protection. In 2016, only 34% of businesses in the European Union had a broadband connection of more than 30 Mbps.*
In the 2nd and 3rd quarters of 2017, the attack vector CLDAP stood out. CLDAP reflection amplification exploits the Connectionless Lightweight Directory Access Protocol (CLDAP) on port 389/UDP. Attacks of this kind are a daily occurrence in Central Europe. During the 3rd quarter, the number of attacks using this vector totaled 1,038. In the 2nd quarter, 658 attacks abused CLDAP. The first DDoS attack using CLDAP in Central Europe was detected by the LSOC on October 17, 2016.
You can download the full Link11 DDoS report with comprehensive data and detailed analyses on the Link11 website.
*Statistisches Bundesamt (Federal Statistical Office): Schnelles Internet bei Unternehmen: Deutschland 2016 weiter im EU-Mittelfeld