
February Attack and Traffic Analysis

In the intricate world of cybersecurity, staying ahead of emerging threats and understanding the dynamics of online infrastructure is crucial. With attack trends changing all the time, knowing how bad actors are structuring and targeting their attacks is the first step in protecting your organization!

To help you stay up to date on these emerging threats, Vercara’s comprehensive reports for February 2024 offer a deep dive into three critical components shaping the digital landscape: UltraDDoS, UltraDNS, and UltraWAF.

UltraDDoS.

In February 2024, Vercara detected and mitigated a significant increase in Distributed Denial-of-Service (DDoS) attacks, a 73.32% increase from the post-holiday lull in January. The largest DDoS attack observed was approximately 556.82 Gigabits per Second (Gbps), consisting of around 54 million packets per second.

Vercara observed and mitigated over 2,300 DDoS attacks in a single day (February 27th) with zero degradation to Vercara’s customers, demonstrating the effectiveness of UltraDDoS Protect. This was a 1,171% increase in the daily average, predominately targeting an online education provider.

Carpet bombing DDoS attacks, characterized by numerous short-duration waves, continue to increase month-over-month, with 52.95% of all observed DDoS attacks being carpet bombing and a 101.59% increase compared to January. Carpet bombing attacks are intended to avoid detection by leveraging low-traffic attacks across the entirety of the network, reducing the likelihood of triggering threshold alerts and making mitigation more difficult by constantly changing several factors within the attack (source IP, destination IP, DDoS vectors).
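The threshold evasion described above, seen from the detection side, as an added example that is not taken from Vercara's report or products. It compares a per-host threshold check with a per-prefix aggregate check over one constructed traffic window; the function names, the /24 grouping, and all threshold values are assumptions chosen for illustration.

```python
import ipaddress
from collections import defaultdict

def per_host_alerts(flows, host_bps_limit):
    """Classic check: flag any single destination IP above its own threshold."""
    totals = defaultdict(int)
    for dst, bps in flows:
        totals[dst] += bps
    return sorted(ip for ip, bps in totals.items() if bps > host_bps_limit)

def carpet_bombing_alerts(flows, prefix_len, prefix_bps_limit, min_hosts):
    """Aggregate by destination prefix and flag prefixes whose combined
    traffic is high AND spread across many distinct hosts."""
    totals = defaultdict(int)
    hosts = defaultdict(set)
    for dst, bps in flows:
        # strict=False maps a host address to its containing network
        net = ipaddress.ip_network(f"{dst}/{prefix_len}", strict=False)
        totals[net] += bps
        hosts[net].add(dst)
    return sorted(
        str(net) for net, bps in totals.items()
        if bps > prefix_bps_limit and len(hosts[net]) >= min_hosts
    )

def sample_window():
    """Constructed sample for one interval: (destination IP, bits per second)."""
    # 200 hosts in one /24, each receiving only 20 Mbps (4 Gbps combined)
    flows = [(f"198.51.100.{i}", 20_000_000) for i in range(1, 201)]
    # Ordinary traffic to two hosts in another prefix
    flows += [("203.0.113.10", 40_000_000), ("203.0.113.11", 15_000_000)]
    return flows

if __name__ == "__main__":
    flows = sample_window()
    # Assumed thresholds: 100 Mbps per host, 1 Gbps per /24, at least 50 hosts hit
    print("per-host alerts:", per_host_alerts(flows, 100_000_000))
    print("prefix alerts:  ", carpet_bombing_alerts(flows, 24, 1_000_000_000, 50))
```

In the sample, no single host crosses its threshold, so the per-host check stays silent while the prefix aggregate flags the targeted /24.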

UltraDNS.

Domain Name System (DNS) plays a pivotal role in translating human-readable domain names into IP addresses, facilitating smooth online experiences. Understanding DNS statistics and trends is crucial for understanding the broader internet usage and the evolution of networking protocols.

In February 2024, Vercara UltraDNS processed over 3.56 trillion authoritative DNS queries, showcasing the extensive reach and reliability of the infrastructure. There was a decrease of 5.72% in DNS queries compared to the month prior due to February being a shorter month, with only 28 days compared to 31 days in January.

Taking a deeper dive into the various DNS query types, the “A” record continues to be the most requested record type with 55.25%, which indicates the continued reliance on IPv4 addresses. The “AAAA” record accounted for 19.07%, underlining the ongoing adoption of the newer protocol. Organizations are still shifting towards more secure methods, as reflected in the “HTTPS” record type accounting for 6.88%.

[Figure: Top 10 Queried DNS Records]

DNS response codes provide valuable insight into server health and potential anomalies. The “No Error” response code prevailed at 80.43%, showcasing the overall robustness of UltraDNS in answering queries. The “NX Domain” response code was the second most observed response code with 18.84%, suggesting queries for non-existent domains, possibly stemming from misconfigurations and typographical errors in domain requests. Additionally, the “NX Domain” response code could also indicate attempted DNS poisoning, DNS enumeration, DDoS attacks, or other cyber-attacks. The “Server Fail” response code remains minimal at 0.01%, indicating that server-side errors are almost non-existent.

UltraWAF.

In the ever-evolving cybersecurity landscape, understanding web application attack statistics and trends is paramount as they unveil crucial insights into the current threat landscape.

In February 2024, Vercara saw a 13.69% increase in total web traffic through the UltraWAF platform compared to the month prior. The alarming aspect was the significant surge of 361.95% in malicious traffic and an increase of 5.33% in overall bot traffic. Among the various web application threat vectors, the most noticeable change was in the Cookie category, with a 38x surge, followed by the Buffer Overflow Header category, with a substantial increase of ~23x month over month.

Breaking down the web application threat vectors, Vercara found that 43.85% of web request traffic was malicious, while 1.18% was identified as bot traffic. The Signature Match threat category (identifying patterns of known attacks) was most prevalent, constituting 87.98% of all malicious traffic. The Field Consistency threat category (checks against invalid form submissions) was second with 9.56%, and the Invalid RFC threat category (violations of the HTTP RFC) was third, comprising 8.21% of observed malicious traffic.

Stay up to date on the latest attack trends.

Want to learn more about how bad actors are structuring and performing cyber-attacks? Check out our report page for more information, including monthly reports on attack trends, the latest cyber security news, and more!

Last Updated: April 17, 2024