Most DDoS attacks originate from fewer than 50 hosting cos: Nokia Deepfield analysis

The continued surge in intensity, frequency and sophistication of DDoS (distributed denial of service) attacks have resulted in a 100% increase in the "high watermark levels" of DDoS daily peaks (from 1.5 Tbps in January 2020 to over 3 Tbps in May 2021) and most global DDoS attacks (by frequency and traffic volume) originate in less than 50 hosting companies and regional providers, shows Nokia Deepfield global analysis which examined service provider network traffic encompassing thousands of routers on the internet in the past 15 months.

Based on a large global sample of service providers - ranging from companies that provide global transit and residential broadband services to regional providers, Content Delivery Networks (CDNs), webscale and hosting companies - Nokia Deepfield's DDoS traffic analysis identifies the threat potential for possible DDoS attacks over 10 Tbps, four to five times the scale of largest attacks reported so far (just above 2 Tbps), due to the rapidly growing number of open and insecure internet services and IoT devices.

"It is equally important for every participant in the network security ecosystem – end-users, vendors, service providers, cloud builders, regulators and governments – to understand the dangers DDoS poses to the availability of internet content, applications and critical connectivity services," noted Dr Craig Labovitz, CTO, Nokia Deepfield.

The Nokia Deepfield Defender leverages big data analytics and security-related insight to accurately detect DDoS threats in real-time and delivers an intelligent and automated approach to thwart and minimize the security risks associated with a new generation of DDoS threats and attacks.

It draws insights from Deepfield Security Genome, a unique knowledge base that contains up-to-date information about billions of internet endpoints and data flows, to accurately and rapidly detect hosts, botnets and IoT devices involved in active attacks.

The findings of the Nokia Deepfield global analysis were presented by Dr Craig Labovitz at the NANOG82 conference.