Increase in DDoS Attacks Has CSPs Scrambling


Blog Post by Charlie Kraus, Senior Product Marketing Manager

February 17, 2021

DDoS attacks have not only increased in the past year, but they’ve also migrated to a new form—known as bit-and-piece attacks—that is undetectable by traditional methods. Bypassing threshold detection techniques, bit-and-piece DDoS attacks can bring networks to a halt with much lower traffic volumes than other forms of denial-of-service attack.


DDoS Attacks are Evolving

Before discussing bit-and-piece attacks, we first need to contextualize them in terms of traditional DDoS attacks, which rely on a high traffic volume from many sources. Usually, this means taking over a few thousand computers or IoT devices, then directing them to send web traffic to a website or application all at the same time. If this traffic volume exceeds the website or application’s capacity to process the incoming requests, the website or application becomes unavailable to legitimate users.

In practice, three things have happened that have made these attacks less viable over the last few years (until 2020).

  1. First, major internet and technology companies view DDoS attacks as a public nuisance and will gladly cooperate with international police agencies in order to have them shut down. In 2018, Chinese authorities arrested a group charged with creating a botnet containing over 200,000 infected websites. In October, Microsoft organized authorities in 35 countries and took down a botnet that spanned nine million computers. Basically, it’s becoming more dangerous to be a DDoS attack service.
  2. Companies have gotten better at mitigating DDoS attacks. In June 2020, attackers launched the largest DDoS attack ever recorded, achieving a traffic volume of 2.3 terabytes per second. Aimed at Amazon’s AWS service, the attack would have taken down much of the internet had it succeeded—but it didn’t. Amazon breezed through it. Arbor Networks, the target of the next-biggest DDoS attack in history, was able to mitigate that as well.
  3. DDoS attacks are harder to monetize than others (ransomware, for example). Many DDoS attackers specialize in what’s known as DDoS for hire, which means that they are paid to take someone’s website out of commission. Because of the risks involved, however, many of these services shut their doors.

2020 made DDoS attacks viable again because so many companies—including many which hadn’t thought much about security in the past—suddenly needed to go remote. Remote workers are much more vulnerable to DDoS attacks, which meant that these attacks surged again. Out of this surge, the innovation known as bit-and-piece was born.


Bit-and-Piece DDoS Attacks Take Down Networks Without Using High Traffic Volumes

Bit-and-piece DDoS attacks increased significantly in 2020, but without breaking any traffic records as far as DDoS attacks are concerned. Quite the opposite—almost half of these DDoS attacks are just 30MBps or less, orders of magnitude smaller than the record-breaking attacks mentioned above. These attacks still succeed in bringing down networks without massive traffic volumes—how do they do it?

The first thing to note is that this kind of attack has been targeted primarily against communications services providers (CSPs) and is much more targeted than other DDoS attacks. Instead of using vast amounts of junk traffic from thousands of computers, bit-and-piece attacks use legitimate traffic targeted at widely dispersed IP ranges with just a small amount of junk folded in.

Because the overall volume of junk traffic is small, the usual detection methods don’t register it as a threat. Nonetheless, this small amount of traffic can do a lot of damage. Each targeted IP range belongs to just one service provider. Each piece of junk data takes work to clean out of the data stream, and some CSPs have less capacity than others. If an attacker targets the right CSP, that provider will be forced to devote all its resources to cleaning its traffic, which usually means taking its network offline.
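The detection gap described above, as an added example that is not part of the original post: a per-destination threshold sees nothing, while summing the same flows per destination prefix and comparing against a baseline exposes the spread-out junk. The thresholds, the /24 aggregation, the baselines and the flow records (documentation address ranges) are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

PER_IP_THRESHOLD_MBPS = 50     # assumed per-destination alert threshold
PREFIX_LEN = 24                # assumed aggregation granularity
PREFIX_BASELINE_FACTOR = 3.0   # assumed: alert when a prefix exceeds 3x its baseline

def per_ip_alerts(flows):
    """Traditional threshold detection: total traffic per destination IP."""
    totals = defaultdict(float)
    for dst, mbps in flows:
        totals[dst] += mbps
    return sorted(ip for ip, t in totals.items() if t > PER_IP_THRESHOLD_MBPS)

def per_prefix_alerts(flows, baseline_mbps):
    """Total traffic per destination prefix, compared with that prefix's baseline."""
    totals = defaultdict(float)
    for dst, mbps in flows:
        net = ipaddress.ip_network(f"{dst}/{PREFIX_LEN}", strict=False)
        totals[str(net)] += mbps
    alerts = {}
    for net, total in totals.items():
        base = baseline_mbps.get(net)
        if base is not None and total > PREFIX_BASELINE_FACTOR * base:
            alerts[net] = round(total / base, 1)   # ratio over baseline
    return alerts

def constructed_sample():
    """Constructed flow records: (destination IP, Mbps) plus per-prefix baselines."""
    # Ordinary traffic: three busy hosts in one prefix, in line with its baseline.
    flows = [(f"198.51.100.{h}", 20.0) for h in (10, 20, 30)]
    # Bit-and-piece pattern: a little junk mixed with legitimate traffic,
    # spread over 200 addresses that all belong to the same provider prefix.
    for h in range(1, 201):
        flows.append((f"203.0.113.{h}", 0.5))   # legitimate
        flows.append((f"203.0.113.{h}", 1.5))   # junk
    baseline = {"198.51.100.0/24": 60.0, "203.0.113.0/24": 100.0}
    return flows, baseline

if __name__ == "__main__":
    flows, baseline = constructed_sample()
    print("per-IP alerts:    ", per_ip_alerts(flows))
    print("per-prefix alerts:", per_prefix_alerts(flows, baseline))
```

No single address carries more than 20 Mbps, so the per-IP check stays silent even though the targeted prefix is running at four times its normal load.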

Because this attack evades traditional detection methods, there are very few ways for CSPs to respond to this kind of threat. Some of them don’t have the budget to devote more resources to cleaning bad traffic, and others can’t hire additional security experts to inspect traffic at a more granular level. For most, the best recourse is to fail over to a CDN as soon as a bit-and-piece DDoS attack starts to take down their networks.

For more information about how Limelight Networks can defend your website against DDoS attacks with DDoS mitigation, check out more details here and contact us today!