DDoS attacks surge in first half of the year
Arbor Networks latest report indicate almost two thirds increase in peak attack size
DDoS attacks continue to escalate both in size and frequency.
This is according to the global DDoS attack report for the first six months of 2016 by Arbor Networks, the security division of NETSCOUT.
Arbor’s data is gathered through ATLAS, a collaborative partnership with more than 330 service provider customers who share anonymous traffic data with Arbor in order to deliver a comprehensive, aggregated view of global traffic and threats. ATLAS provides the data for the Digital Attack Map, a visualization of global attack traffic created in collaboration with Google Ideas. ATLAS data has also been utilized recently in Cisco’s Visual Networking Index Report and the Verizon Data Breach Incident Report.
DDoS remains a commonly used attack type due to the ready availability of free tools and inexpensive online services that allow anyone with a grievance and an internet connection to launch an attack. This has led to an increase in both the frequency, size and complexity of attacks in recent years.
ATLAS has observed an average of 124,000 events per week over the last 18 months. This is a 73% increase in peak attack size over 2015, to 579Gbps.
274 attacks over 100Gbps monitored in 1H 2016, versus 223 in all of 2015. Further, 46 attacks over 200Gbps monitored in 1H2016, versus 16 in all of 2015. The report also shows USA, France and Great Britain are the top targets for attacks over 10Gbps.
As Arbor’s Security Engineering & Research Team (ASERT) recently documented, large DDoS attacks do not require the use of reflection amplification techniques. LizardStresser, an IoT botnet was used to launch attacks as large as 400Gbps targeting gaming sites worldwide, Brazilian financial institutions, ISPs and government institutions. According to ASERT, the attack packets do not appear to be from spoofed source addresses – and no UDP-based amplification protocols such as NTP or SNMP were used.
A 1 Gbps DDoS attack is large enough to take most organisations completely off line. In contrast, the average attack size in 1H 2016 was 986Mbps, a 30% increase over 2015 while the average attack size is projected to be 1.15Gbps by end of 2016, the report shows.
“The data demonstrates the need for hybrid, or multi-layer DDoS defence,” said Darren Anstee, Arbor Networks Chief Security Technologist. “High bandwidth attacks can only be mitigated in the cloud, away from the intended target. However, despite massive growth in attack size at the top end, 80% of all attacks are still less than 1Gbps and 90% last less than one hour. On-premise protection provides the rapid reaction needed and is key against “low and slow” application-layer attacks, as well as state exhaustion attacks targeting infrastructure such as firewalls and IPS.”