A 100 percent increase in F5 DDoS customers was spotted in Q1 (October through December 2016), compared to the same period in 2015.
New figures from F5 Networks' EMEA Security Operations Centre (SOC) highlight the growing scale of DDoS attacks across the EMEA region.
In 2016, the SOC based in Warsaw handled and mitigated 8536 DDoS instances alone.
The most commonly observed type of DDoS attack in Q1 were user datagram protocol (UDP) fragmentations (23 percent) followed by DNS reflections and UDP floods (both 15 percent), syn floods (13 percent) and NTP reflections (eight percent).
During Q1, Web Application Firewall (WAF) customers were up 136 percent and anti-fraud rose by 88 percent.
One of the attacks featured among the largest globally, a 448 Gbps UDP/ICMP fragmentation flood using over 100,000 IP addresses from multiple regions. IP attack traffic originated largely from Vietnam (28 percent), Russia (21 percent), China (21 percent), Brazil (15 percent) and the US (14 percent). This incident highlights a growing trend for global coordination to achieve maximum impact.
“Given the rise and variety of new DDoS techniques, it is often unclear if a business is being targeted. This is why it is more important than ever to ensure that traffic is being constantly monitored for irregularities and that organisations have the measures in place to react rapidly,” said Gad Elkin, F5 EMEA security director.
“The best way forward is to deploy a multi-layered DDoS strategy that can defend applications, data and networks. This allows detection of attacks and automatic action, shifting scrubbing duties from on-premises to cloud and back when business disruption from local or external sources is imminent at both the application and network layer,” Elkin concluded.