Q2 DDoS activity up 83%, report

Researchers spotted an uptick in the number of DDos attacks in the Q2 2016.
Researchers spotted an uptick in the number of DDos attacks in the Q2 2016.

Nexusguard researchers noticed an 83 percent uptick in DDoS attacks in Q2 2016 compared to Q1.

Russia led the pack with both the largest number of attacks with 76,462 attacks detected this quarter and the largest percentage increase in attacks, up 1992 percent from Q1 2016, according to the firm's recent DDoS Threat Report.

China came in second with 28,399 attacks followed by the U.S. with 23,738 attacks, France with 13,953 attacks, Great Brittan with 4,334 attacks, Germany with 3,526 attacks, and Canada with 2,773 attacks.

Researchers noted a decrease by more than half in the number of attacks targeting Brazil which fell to 2,318 attacks, although the decrease wasn't enough to bump the nation out of the top 10.

The most notable DDoS assault targeted a Russian telecom company which targeted 51,630 IPs on the Starlink network, the report said. An energy products company, a bank, a medical device manufacturer, and a clinic were also affected by the attack.

NTP was the leading attack methodology by a small margin followed by DNS, the method used in the Starlink attack, and that it appears the two methods are preferred for attacks targeted at individuals.

“We also hypothesize that DNS is becoming increasingly effective at taking down its targets,” the post said. “We believe this is related to the mysterious ACLs that we have observed moving across transit providers for port 123 packets exceeding 500 bytes in size.”

Acknowledging that “predictions are unreliable due to human activity,” Nexusguard Chief Scientist Terrence Gareau told SCMagazine.com via email comments he expects that there will be increases in DDoS attacks over the next quarters due to a “global media event” where threat actors may target high profile targets for attention.

In addition Gareau warned that potential targets keep in mind that DDoS attacks aren't always limited to a single target.

“With the Russian incident, many businesses that were customers of the ISP felt the repercussions of the event,” he said. “Even though there might only have been one real target, collateral damage cannot be avoided.”

You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS