Gaming and E-commerce are the main targets of DDoS attacks

Gaming and E-commerce are the main victims of DDoS attacks (Distributed Denial of Service): this is what emerges from a search by OVH, the leading European cloud services provider, which analyzed the most affected IP addresses in 2017 and the profiles of their users. The first, unpleasant, place is up to Minecraft servers that are followed by e-commerce platforms of all sizes.

In most cases, attacks are motivated by an economic nature, in order to obtain money through extortion. But there are also cases in which the attacks are perpetrated with the aim of causing damage, perhaps to competitors, and untrustingly obtaining a competitive advantage on the market. OVH also reports that cases are reported in which attacks have been launched by manufacturers of DDoS protection solutions to promote their security products.

Last year 60 thousand different IP addresses of OVH have undergone at least one DDoS attack. On average, there are 1800 DDoS attacks occurred every day last year, about 50 thousand per month with a particular concentration in the month of June.

The analyzes that OVH was able to conduct with VAC, its own DDoS protection system that allowed mitigating attacks of up to 1.3 Tbits per second, show that most attacks occur in the evening hours, between 7 pm and 21:00, when most users are at home and dedicated to online gaming or shopping, with the consequent increase in bandwidth demand. It is in these phases where a DDoS attack is most likely to succeed, causing the greatest possible damage.

On the front of attack vectors in the foreground, with 27% of the total, there are UDP flooding techniques followed by SYN flooding in 21% of cases and amplification attacks in 20% of the situations. Overall, the strategies are evolving: attackers prefer to maximize the number of packets per second, albeit smaller in size (less than 100 bytes), instead of saturating the available bandwidth.

OVH notably sees an increase in direct attacks at the application level and a return of IoT botnets. In general, this scenario demonstrates a spirit of continuous adaptation of the attackers, putting companies and the public in the situation of keeping their countermeasures up-to-date.

The other organizations that received attacks belong to heterogeneous sectors: the main ones are innovative startups, public administration and information sites. The reasons are the most varied, from rivalry between competitors to disputes between users up to censorship to the media.

In general, it is good to keep in mind that DDoS threats are not a problem that only concerns large hosting providers: anyone who is working on the network can be exposed to this type of attack. As always, prevention and the ability to anticipate events are fundamental pieces of a broader strategy, which also includes the analysis of the evolution of attacks and the tools to be used to protect users.