‫ Verisign Distributed Denial Of Service Trends Report

ID: IRCRE201502188
Date: 2015-02-27
This report contains the observations and insights derived from mitigations enacted on behalf of, and in cooperation with, customers of Verisign DDoS Protection Services and the security research of Verisign iDefense Security Intelligence Services. It represents a unique view into the attack trends unfolding online for the previous quarter, including attack statistics, DDoS malicious code analysis and behavioral trends.
For the period starting July 1, 2014 and ending Sept. 30, 2014, Verisign observed the following key trends:
·                     The number of attacks in the 10 Gbps and above category grew by 38 percent from Q2 to represent more than 20 percent of all attacks in Q3.
·                     Attackers were persistent in launching attacks against targeted customers, averaging more than three separate attempts per target.
·                     The most frequently targeted industry this quarter was Media and Entertainment, representing more than 50 percent of all mitigation activity.
·                     The largest attacks observed this quarter targeted the E-Commerce industry – peaking at more than 90 Gbps.
Mitigations by Attack Size
Large-scale DDoS attack frequency has continued to trend upward as the number of attacks in the 10 Gbps and above category grew by 38 percent from Q2 to represent more than 20 percent of all attacks in Q3 (figure 1). On-premise mitigation defenses and devices are rendered ineffective the moment a DDoS attack exceeds an organization’s upstream capacity. If they haven’t already, organizations that focus on resiliency should consider deploying cloud-based or hybrid premise/cloud DDoS protection solutions to mitigate application-layer, multi-vector and volumetric attacks that exceed their available bandwidth with minimal increases in operational overhead.
Figure 1: Increase in Attacks Greater Than 10 Gbps
Figure 2: Average Attack Size by Quarter (in Gbps)
Attacks mitigated by Verisign in the third quarter averaged 6.46 Gbps (Figure 2), which represented a 48 percent drop in average attack size quarter over quarter, but a 65 percent increase in average attack size from Q1 2014. The exceptional increase in average attack size in Q2 (12.42 Gbps) was driven by multiple sustained volumetric attacks in the 200-300 Gbps range. Removing the very large attacks from the Q2 data set shows average attack size was 4.6 Gbps, which, if compared to the Q3 average attack size, represents an increase of more than 40 percent. The largest volumetric UDP-based DDoS attack mitigated by Verisign in Q3 was 90 Gbps; the largest TCP-based attack was more than 30 Gbps.
Mitigations by Industry
DDoS attacks are a global threat and not limited to any specific industry, as illustrated in Figure 3. This comparative data can be helpful in prioritizing security expenditures based upon the observed exposure of your industry to this threat. Industries with the highest risk are generally those who are either active politically, or will suffer significant financial loss from downtime. That said, as Verisign has observed over the past decade, a target can become a target for an ever-expanding array of reasons, and every organization should consider its risk and potential exposure in this context.
Media and Entertainment customers continue to experience the largest volume of attacks, peaking in size at just over 20 Gbps in Q3, (Figure 4) which is more than enough to overwhelm most on-premise mitigation capabilities. The E-Commerce industry, while attacked less frequently, was targeted with the largest attack of the quarter, reaching over 90 Gbps (Figure 4). This attack was a pulsing UDP flood employed in short bursts of 30 minutes or less. It consisted primarily of NTP reflective amplification attack traffic. This activity was aimed at disrupting the critical online commerce capability of the customer and was successfully mitigated by Verisign.
Figure 3: Percentage of Attacks by Industry
Figure 4: Peak Attack Size by Top Industries
Mitigations by Attack Frequency
Over the course of 2014, Verisign has observed a consistent increase in the number of attacks per customer, including attacks that changed tactics mid-stream. Q3 saw the largest increase in attack frequency, rising to an average of more than three attacks per targeted customer, a figure that rose 60 percent higher than Q2 (Figure 5). The increase in attack frequency, like the increase in attack size, may be attributed to maturation of attackers, easier access to ready-made DDoS botnets and toolkits, and adversary observation of attack impact on their targets. As attackers continue to evolve and become more sophisticated, Verisign expects to see this trend continue into the foreseeable future.
Figure 5: Average Number of Attacks per Targeted Customer (by quarter)


بدون نظر
شما برای نظر دادن باید وارد شوید


تاریخ ایجاد: 9 اسفند 1393



امتیاز شما
تعداد امتیازها:0