Craig Lusher from our product team reviews the latest attack data with the intensity of attacks peaking in July and with one customer being hit 98 times over the three-month period
The third quarter of 2023 saw a significant reduction in DDoS attacks launched against Continent 8 customers.
The total number of attacks hit 359 during the period, down from 1,106 in Q2 where there was a continuation of the tumultuous adverse events that marked December 2022 with a well-orchestrated campaign that coincided with the World Cup and the festive holidays.
This saw Continent 8 defend 3,367 separate DDoS in the fourth quarter of 2022 alone.
In the third quarter of 2023, the intensity of attacks peaked in July with 195 separate incidents recorded. This was followed by August with 112 and September with 52. Over the three months, 24 unique customers were attacked making it a widespread issue rather than being isolated to a few customers.
On average, each customer faced 15 attacks in Q3, but one customer was subject to 98 attacks indicating a targeted effort and underscoring the need for all organisations to have specialised protective measures in place.
When it comes to the characteristics of attacks, there was great cause for concern with the largest attack hitting a staggering 149.7Gbps which could potentially cripple the most robust networks. The average size of attack was 2.27Gbps – manageable but not negligible.
The highest Peak Packets Per Second (PPS) recorded was 14.6 Mpps, and while this was substantially down on the 317 Mpps recorded in May 2023, it still indicates the scale of some of the attacks launched against Continent 8 customers during the quarter.
This highlights the importance of considering not just the throughput but also the volume of Packets Per Second because even low throughput attacks could involve millions of packets per second, threatening network equipment rather than just internet bandwidth.
This is why it’s vital to take a multi-layered approach to cybersecurity so that systems, networks and data are properly protected from different types of attack at a time when the volume and length of attacks remain high.
One customer was subject to an attack lasting more than 20 hours – so close to a full day. This shows the persistence of attackers. That said, the average attack duration during Q3 was 0.76 hours which comes to about 45 minutes.
This suggests most attacks were aiming for quick disruptions rather than prolonged engagement. Again, this is different to the previous quarter where the longest attack lasted an astounding 800 hours.
Interestingly, there were no attacks exceeding 1 Tbps, but there were four attacks exceeding 100 Gbps and four more in the range of 10-100Gbps. The majority of attacks – 350 altogether – were under 10 Gbps. This compares to a peak attack size of 560 Gbps in Q2.
When it comes to repeat attacks, 10 customers were hit for a second time in a 24-hour period – interestingly, in Q2 there were no instances of customers suffering repeat attacks within 24 hours – so this marks the return of attackers going after the same target multiple times.
The stats for the period from 1 July 2023 to 30 September 2023 relate to our customers based in different locations around the world. Key highlights include:
- Blocked 359 DDoS attacks.
- Longest sustained attack was 20 hours.
- 10 customers had repeat attacks within a 24-hour period.
- One customer was hit with 98 attacks over the three-months.
- Average attack size hit 2.3 Gbps.
- Peak attack size reached 149.7 Gbps.
- Peak packets per second hit a record 14.6 Mpps.
This quarter’s results show that attack tactics have changed once again with attack size reducing but with significant Packets Per Second being delivered via attacks.
This means that the threat has changed somewhat from earlier in the year – ensuring internet bandwidth is always vital but now more than ever organisations need to protect their network equipment and systems.
There has been a lot of discussion around the changing cyber threat landscape, but this quarter’s stats show that action is crucial if organisations are to ensure resilience and mitigate an attack which is now a case of when and not if.
Continent 8’s DDoS protection
Our solution continues to evolve and in recent months we have amplified our scrubbing capacity to 2.5+Tbps, as well as increased our scrubbing centres geographically deployed across multiple continents. Locations include Los Angeles, Chicago, New York, Miami, London, Amsterdam, Frankfurt, Singapore, Hong Kong and Sao Paulo.
Our proven platform is one you can rely on with a capacity only matched by the largest DDoS providers on the planet. Learn more about our DDoS solutions here or contact Craig via craig.lusher@continent8.com
