DDoS Threat Report 2019 Q3: iOS devices far surpass Android

According to Nexusguard's third-quarter 2019 DDoS report, DNS amplification attacks continue to dominate distributed denial-of-service (DDoS) attacks, while mobile device traffic continues to rise. Compared to the same period last year, the number of DDoS attacks increased by 86% in the third quarter, and amplification using the Domain Name System (DNS) remained the most popular attack technique. According to new data released by Nexusguard, DNS amplification attacks account for 45% of total attack traffic, while HTTP flood attacks and TCP SYN attacks account for 14% and 7.7%, respectively.

The report shows that mobile devices remain a significant source of attack traffic, with 41% of attacks coming from mobile gateways and three-quarters of traffic coming from iOS devices. In addition, Internet of Things (IoT) devices continue to be attacked and used by attackers. The report states that mobile and IoT devices are particularly vulnerable, in part because these devices are always running and their security is less configurable. Increased network speeds, increased bandwidth, and lower 5G latency will also create an ideal environment for large-scale DDoS attacks that use huge botnets composed of PCs, smartphones, and IoT devices.

In general, there is no major change in the denial-of-service pattern: attacks usually peak in the first quarter and then decrease each quarter until the end of the year, when they increase slightly. This trajectory occurred in 2018, and this year seems to be replicating the trend. The vast majority (86%) of attacks lasted less than 90 minutes, and 90% of attacks involved less than 1 Gbps of data.

Mobile devices became an important attack vector early this year. In the first quarter, more than 60% of application attacks could be traced back to mobile gateways, mainly from mobile devices or computers connected to mobile devices. Data from the latest quarter indicate that mobile devices are increasingly being used in, and contributing to, volumetric and amplification attacks.

Although Apple devices generally fare well on security compared to Android, Nexusguard found that 31% of all DNS attacks came from Apple devices and only 10% from Android devices.

Although Apple has done a great job managing, checking, and maintaining the security of the App Store applications, we believe that a significant number of iOS devices have been jailbroken and are running unauthorized malicious applications, and these devices have not passed App Store review.

China, Turkey, the United States, and South Korea ranked among the top attacking countries, accounting for 63% of attacks tracked by Nexusguard in the third quarter.