NexusGuard Q3 2018 Threat Report

Key Observations

The maximum attack size increased 139.84% YoY (Year-over-Year) to 118Gbps, but was down 67.13% QoQ (Quarter-on-Quarter). The average size decreased 81.97% YoY and 96.31% QoQ. As
threats eased off from last summer’s World Cup peak, total attacks decreased 45.25% YoY and 50.92% QoQ, respectively.

A new development: CSP (Communication Service Provider) networks — especially those at the ASN level — were hit by a stealthy, new volumetric attack whereby attackers contaminate legitimate traffic
across hundreds of IP prefixes (some 159 ASNs, spanning 527 Class C networks, based on our findings) with small-sized, junk in order to bypass detection. As a consequence, both maximum and average attack sizes decreased measurably YoY.

By attack vector, SSDP Flood attack counts increased most noticeably, growing more than six-fold
from the preceding quarter (more than 120% YoY). We believe the unconventional rise in SSDP
Amplification is a result of the new attack pattern targeting CSPs. This pattern also caused the
average attack size per IP to fall to only 0.972Gbps during Q3.