Professional Documents
Culture Documents
TeliaCarrier DDoS Threat Landscape Report 2021 Final-2
TeliaCarrier DDoS Threat Landscape Report 2021 Final-2
LANDSCAPE REPORT
2021
2 DDoS Threat
Landscape Report
Executive summary
Increase mirrorS the main More multi-vector attacks Number of attacks DNS & NTP amplification
DDoS attacks waves of the pandemic and Extortion threats is proportional to size
• DNS and NTP amplification attacks
continue to increase, • Customers didn’t just feel the pain of customer base
• We saw a natural increase in were the most common attack
with ever greater mitigated traffic during 2020 – of more attacks but had to deal with • Geographically speaking there was vector in 2020. Average packet
network impact – consistent with greater customer more multi-vector attacks to boot – a direct relationship between the length increased during 2020 and
the largest attack adoption of our DDoS protection fueling greater reliance on auto- size of our IP customer base and attack vectors have shifted from
in 2020 hit 1.18 Tbps service, but we also observed more mitigation. Our IP customers also the overall number of attacks small packet SYN attacks to larger
attacks targeting our customers in experienced a significant increase in across different regions – more packet attacks with amplification.
– up 50% from the
general. These appear to have threats and extortion-based attacks. customers meant more DDoS.
previous year
mirrored the main waves of the This can be partly attributed to the
pandemic and periods during which pandemic, as companies suddenly
harder lockdown restrictions were became more dependent on cloud
imposed in many countries workflows and remote systems (and
worldwide. We believe this was subsequently more vulnerable).
Carpet bombing became more
largely opportunistic, as
frequent and is here to stay
cybercriminals took advantage of a
sudden shift to remote working &
learning.
3 DDoS Threat
Landscape Report
KEY FINDINGS
More attacks and a Attack Distribution
greater network impact reflects market presence
DDoS attacks continue to increase, Geographically, DDoS attack
with ever greater network impact – the distribution directly reflected our
largest attack in 2020 hit 1.18 Tbps - market presence in different regions,
up 50% from the previous year. with more attacks where we connect
the most customers.
Customer attacks
increased in both
frequency & duration
A trend towards Customers Require DNS and NTP amplification Average attack packet
auto-mitigation of A revised approach to attacks WERE THE most length increased
The average duration attack traffic detection and mitigation common attack vector in during 2020
of each attack was 2020
Due to an increase in multi-vector Carpet bombing has become more
approximately 10 min
attacks, customers are moving commonplace & frequent, placing an
towards auto-mitigation of attack increasing strain on customer network
traffic. infrastructure. This requires a revised
approach to traditional threshold-
based detection and mitigation (from
host-level to logical network-level.
BREAKDOWN
DDoS THREAT
OF FINDINGS
LANDSCAPE
REPORT 2020
6 DDoS Threat
Landscape Report
MITIGATION VOLUME
CLEANED PETABITS (LY) CLEANED TERA PACKETS (LY)
57 14
We cleaned 57 Petabits and
14 Tera packets of malicious
data in 2020 – the equivalent
pb Tp of 1.5 million DVDs
192% 176%
8 DDoS Threat
Landscape Report
19 23
MPPS
10 min
GBPS
Attack frequency
DDoS THREAT
And duration
LANDSCAPE
REPORT 2020
10 DDoS Threat
Landscape Report
ALL ALERT
2018 2019 2020
10 K
7.5 K
5K
2.5 K
Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec
11 DDoS Threat
Landscape Report
5K
2,5 K
Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec
12 DDoS Threat
Landscape Report
300
200
100
150
100
50
| | | | | | | | | | | |
01:00 03:00 05:00 07:00 09:00 11:00 13:00 15:00 17:00 19:00 21:00 23:00
14 DDoS Threat
Landscape Report
GEOGRAPHICAL DISTRIBUTION
41
27
74 77 2
2433
1788 33
596
21 We saw the highest
concentration of DDoS
2 16 158 207 attacks in our key markets,
489
reflecting greater overall
20
customer numbers traffic
2
151 35
2 30
15 DDoS Threat
Landscape Report
14 SMA Gbps/Mpps
SMA No. 300
LDAP Amplification TCP SYN CharGEN Amplification
There appears to be a
distinct correlation
12 1 500 Number/Week
Main Waves
of Covid-19 between the two main
pandemic waves
10 200
(lockdown phases) and
8 1 000
the number of DDoS
attacks targeting our
6 customers
100
4 500
DNS & NTP amplification
were the most common
2
types of attack in 2020
Jan 2019 Jul Jan 2020 Jul Jan 2019 Jul Jan 2020 Jul
16 DDoS Threat
Landscape Report
Average packet
Avg Pkt lenght Alerts per customer Duration per customer
Attack vectors
750 1.6 1.6 shifted from small
packet SYN attacks to
larger packet attacks
with amplification
500 0.8 0.8
Overall, customers
experienced more
attacks, with longer
duration during 2020
Jan 2018 Jul Jan 2019 Jul Jan 2020 Jul Jan 2018 Jul Jan 2019 Jul Jan 2020 Jul
17 DDoS Threat
Landscape Report
CARPET BOMBING
Global Carpet bombing severity (LY)
Extreme High Medium Low
25
Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec
About Telia Carrier
Telia Carrier solves global connectivity challenges for multinational
enterprises whose businesses rely on digital infrastructure. On top of the
world’s Number-1-ranked IP backbone and a unique ecosystem of cloud
and network service providers, we provide an award-winning customer
experience to customers in 125 countries worldwide.
Our global Internet services connect more than 700 cloud, security and
content providers with low latency. For further resilience, our private Cloud
Connect service connects directly to Amazon Web Services, Microsoft Azure,
Google Cloud, IBM Cloud and Oracle cloud across North America, Europe
and Asia.
teliacarrier.com/knowledge-hub
teliacarrier.com