The past few months have seen significant changes in global DDoS tactics. We can observe these changes in detail by analyzing traffic patterns from Cloudflare’s global network, which protects more than 27 million Internet properties and blocks 45 billion cyber threats every day. What approaches are DDoS attackers using right now, and what are forward-thinking organizations doing in response?
Cloudflare DDoS product experts Omer Yoachimik and Vivek Ganti will explore new data on DDoS trends and discuss ways to counter these tactics.
Recent DDoS attack trends, and how you should respond
1. Live webinar: Recent DDoS attack trends, and how you should respond
Omer Yoachimik, Product Management, Cloudflare
Vivek Ganti, Product Marketing, Cloudflare
4. Cloudflare’s Global Anycast Network
• 27M: Internet properties
• 42 Tbps: Network capacity
• 200: Cities and 100+ countries
• 72B: Cyber threats blocked each day in Q2’20
• 99%: Of the Internet-connected population in the developed world is located within 100 milliseconds of our network
Note: Data as of June 28, 2019.
5. Every Product Runs On Every Server In Every Datacenter Around The World
8. What Is A DDoS Attack?
Classic definition
• DDoS Attack: Malicious actor targets traffic to an internet property with the intent of causing an outage or service disruption.
Modern definitions
• Self-DDoS Attack: Faulty client applications calling home too frequently
• Friendly DDoS Attack: Overly excited good bots flooding with requests
9. Cost of Attacks
● Gartner: The average cost of downtime is estimated at $5,600 per minute.
● DDoS attacks are commonly used as a way to distract security teams during an attempted breach.
● Even after 3 years, breached companies underperformed the market by -13.27%
[Chart labels: T-Mobile US, TJX Companies, Huntsworth, Adobe, Global Payments, Royal Bank of Scotland Group, Monster Worldwide, Vodafone Group, Apple]
Source: https://www.comparitech.com/blog/information-security/data-breach-share-price-analysis/
13. ‘Smaller’ attacks dominated in Q2
From a packet rate perspective: 76% of all L3/4 DDoS attacks in Q2 peaked at up to 1 million packets per second (pps)
From a bit rate perspective: Nearly 90% of all L3/4 DDoS attacks that we saw peaked below 10 Gbps
14. Big attacks are getting bigger
• 88%: Of attacks over 100 Gbps launched since shelter-in-place
• 754 Mpps: Largest L3/4 DDoS attack from a packet rate perspective
18. Scrubbing
[Diagram labels: Industry Legacy Scrubbing; Cloudflare DDoS]
• Network Scale can absorb any DDoS attack.
• Share Intelligence constantly learns and applies intel to ID new attacks.
• Ease of use -- it’s just on!
A Fully Differentiated DDoS Solution
Unmetered DDoS Protection = Trust
Fast and Safe -- Better than distant ‘scrubbing centers’
19. DDoS Protection: At Every Layer Of The OSI Stack
OSI layers:
• Application Layer 7
• Presentation Layer 6
• Session Layer 5
• Transport Layer 4
• Network Layer 3
• Datalink Layer 2
• Physical Layer 1
Cloudflare DDoS Protection:
• WAF/CDN: L7 Proxy
• Spectrum: L4 Proxy
• Magic Transit: L3 Routing
20. Our Story — L3 DDoS Protection With Magic Transit
Built for Cloudflare. Now available for our customers
[Diagram labels: Cloudflare Data Center; Customer Data Center; LAYER 3 - IP (MAGIC TRANSIT)]
• 200 cities in 95+ countries
• 37 Tbps DDoS mitigation capacity
• DDoS protection: Near-instant TTM
• Network firewall: Granular Allow/Deny rules for IP ranges
22. How Cloudflare Magic Transit Compares To Other Vendors
Feature | MAGIC TRANSIT | IMPERVA [4] | NEUSTAR [3] | AKAMAI PROLEXIC [2] | RADWARE [1]
No. of data centers for DDoS mitigation | 200+ | 45 | 14 | 19 | 11
DDoS scrubbing capacity | 37+ Tbps | 6 Tbps | 12 Tbps | 8 Tbps | 5 Tbps
Time-to-mitigation (TTM [5]) | < 10 sec | < 3 sec | 5-15 min | < 5 min | ‘seconds’
Data as of July 2020
[1] Radware: https://www.radware.com/products/cloud-ddos-services/
[2] Akamai Prolexic: https://www.akamai.com/us/en/multimedia/documents/product-brief/prolexic-routed-product-brief.pdf; https://blogs.akamai.com/2018/04/whats-new-with-prolexic.html
[3] Neustar: https://www.home.neustar/resources/product-literature/make-ddos-direct-connection-with-netprotect
[4] Imperva: https://www.imperva.com/resources/datasheets/Imperva_DDOS_ProtectionForNetworks.pdf
[5] Cloudflare Magic Transit and other vendors offer 0-sec TTM for “proactive” or static rules. TTM listed here is for automatic detection and mitigation.
23. Bringing Wikipedia back online
Cloudflare helps Wikimedia restore service following a massive DDoS attack
North American non-profit organization that hosts Wikipedia, one of the world’s most renowned open collaboration projects.
● Founded in 2003
● One of the most visited websites in the world
● Over 25 billion page views monthly
● Hosts 13 collaborative knowledge projects including Wikipedia
CHALLENGES
• Target of a massive coordinated DDoS attack campaign of ~300Gbps of bandwidth, 105MPPS of TCP ACK traffic, and 340MPPS of UDP floods
• Significant increase in HTTP response times from servers that were still reachable
• Site accessibility impacted in various regions around the world
CLOUDFLARE SOLUTION
• Magic Transit protects their on-premise data centers from volumetric attacks
• Even as the attack changed patterns, Magic Transit was a resilient shield protecting Wikimedia’s network infrastructure
KEY RESULTS
• Improved resilience and availability
• Zero performance degradation due to filtering traffic at the edge
• Valuable partnership with Cloudflare and influence on product roadmap
https://www.cloudflare.com/case-studies/wikimedia-foundation/
24. “Cloudflare has reliable infrastructure and an extremely competent and responsive team. They are well-positioned to deflect even the largest of attacks.”
Grant Ingersoll, CTO, Wikimedia Foundation
25. For a limited time:
Replace your legacy provider with Cloudflare Magic Transit and pay nothing until your existing contract expires*
● Get Magic Transit service at no charge until the expiration of your current contract with Akamai Prolexic, Neustar, Imperva, or Radware for up to 12 months.
● We will aim to beat the price you are paying your legacy provider, for the paid period.
● For more information, go to www.cloudflare.com/lp/better
*Terms and conditions apply
Network DDoS Protection You’ll Love. We’ll Prove It.