Q4 2018 Threat Report

Thanks to the eradication of 15 of the world’s biggest “Booters” (DDoS-for-hire websites), the
web-based services designed for customers to launch distributed denial-of-service attacks against
sites on demand, by the FBI in December 2018, the number of attacks as well as the maximum and
average attack sizes decreased by 10.99%, 23.91%, and 85.36%, respectively, year-over-year (YoY).

Conversely, due to the continued exploitation of the “Bit-and-Piece” technique carried over from the
previous quarter, the number of attacks and the maximum and average attack sizes increased by
36.08%, 49.15%, and 3.75%, respectively, quarter-on-quarter (QoQ). Widely adopted in Q3 2018, the
“Bit-and-Piece” tactic avoids detection by contaminating legitimate traffic across hundreds of IP
prefixes with small-sized junk.

Q4 2018 also saw conventional attacks like UDP, TCP SYN, and ICMP drop significantly on a YoY
basis. However, SSDP Amplification attacks — the most popular “Bit-and-Piece” attack vector —
increased by 3,122.22% YoY and 91.21% QoQ. Moreover, attackers were more persistent than before,
as evidenced by a month-long attack case in which the target was hit by as many as 13 attacks a day
for 28.95 minutes and 1493.93 minutes throughout most days of December.