3 min

Windows devices are increasingly targeted for Distributed Denial of Service (DDoS) attacks, according to a report by cybersecurity specialist Nexusguard. Last year, 87 percent of such attacks originated from Windows machines, versus just 15 percent the year before. This dramatic shift hints at changing tactics among attackers, possibly driven by vulnerabilities in Windows or the increasing sophistication of malware.

Another key finding in the latest Nexusguard DDoS report is that computers and servers are increasingly being used for these attacks—instead of mobile or IoT devices—comprising 92 percent of DDoS attempts. This is a notable jump from the previous year’s 68 percent.

Although the frequency of DDoS attacks decreased by bout 55 percent in 2023, their size surged by 233 percent. In other words, there were fewer attacks, but they were more serious. Attacks are also becoming briefer yet more potent, with 90-minute assaults constituting 81 percent of all DDoS attacks. In contrast, Nexusguard saw a steep 95 percent reduction in prolonged attacks spanning over 1200 minutes (20 hours).

Surge of HTTP/HTTPS attacks

Application attacks, such as HTTP/HTTPS attacks that inundate web servers or apps with a high volume of HTTP or HTTPS requests, experienced a significant surge of 79 percent year-over-year. These comprise a quarter of attacks. Meanwhile, volumetric attacks, which directly flood networks, have seen a 30 percent decline year-over-year, suggesting either improved network infrastructure or attackers shifting towards more sophisticated methods.

DNS Amplification is the fastest-growing attack vector, up from 2 percent in 2022 to 14 percent in 2023. However, HTTPS Flood and NTP Amplification are still the more popular methods, comprising almost half of all DDoS attacks. Most attacks are single-vector, making up nearly 93 percent of DDoS attacks.

A single-vector attack exploits a single vulnerability or uses a single method to disrupt a target system or network. Multi-vector attacks, on the other hand, employ multiple techniques simultaneously to compromise a target, like combining floods of traffic with application-layer attacks that target specific applications.

Maximum disruption with minimal effort

The Nexusguard report indicates that bad actors prioritise simpler-to-execute techniques requiring fewer resources and less expertise. Donny Chong, product director of Nexusguard, notes that cybercriminals aim to inflict maximum disruption with minimal effort.

This motive is evident in the rising number of politically motivated DDoS attacks targeting vital sectors like government and finance. The report suggests that an attack on infrastructure linked to these sectors does not need to be complicated to cause significant harm.

Bit-and-Piece attacks on the rise

However, attackers increasingly use Bit-and-Piece (BNP) attacks, employing small data packets from diverse sources to flood systems and avoid detection and mitigation efforts.

Despite attackers’ attempts to maximize impact with limited resources, network configurations and heightened security awareness have contributed to a 17 percent decrease in NTP Amplification Attacks, a prominent attack vector. Other vectors such as HTTPS Flood and DNS Amplification are now increasingly used.

The full Distributed Denial of Service (DDoS) Trend Report 2024 by Nexusguard is now available for download.

Also read: What is ‘credential stuffing’ and how do you defend against it?