A trio of third quarter reports from security firms reveal changes and complexities in the threat landscape.
A trio of third quarter reports from security firms reveal changes and complexities in the threat landscape.

The third quarter of 2014 was peppered with distributed denial-of-service (DDoS) attacks and threats from Bash bug and advanced persistent threats, according to a trio of recently released reports.

The "Verisign Distributed Denial of Service Trends Report Q3 2014" revealed that the number of DDoS attacks 10 Mbps or above increased 38 percent over the second quarter to account for more than 20 percent of all attacks. The report noted that attackers were persistent in their attempts to attack their targets, hitting them on average more than three separate times.

Media and entertainment were the most targeted industry during the quarter, racking up more than 50 percent of all mitigation activity, Verisign's research showed.

The number of attacks in the 10 Gbps and above category grew by 38 percent from Q2 to represent more than 20 percent of all attacks in Q3. The average attack size declined by 48 percent — not surprising since Q2 was marked by a high frequency of massive attacks. By taking those very large attacks out of the equation, though, meant that Q3 average attack size was 40 percent larger than in Q2.

But a similar report from Black Lotus showed a downtick in both the size and frequency of DDoS attacks — the company's customers saw an 87 percent drop in bit volume attacks. But Black Lotus' "Q3 2014 Threat Report" attributed the decline to attackers favoring more complex attacks, such as SYN floods and application layer attacks, rather than amplification attacks. 

In fact, of the 58 percent of the 255,564 attacks considered severe in the quarter, almost half were SYN flood attacks. And 15 percent were aimed at web servers and domain name services (DNS) and caused site outages. Those attacks, Black Lotus said, are difficult to mitigate without the aid of professionals.

“Rather than using volumetric attacks to overwhelm servers, organizations should be wary of cyberattackers targeting crucial ports to thwart legitimate traffic from reaching online destinations,” the report warned.

Increasingly, DDoS attacks are originating in Vietnam, India and Indonesia, which will represent the up and comers of 2015, Black Lotus said, but in Q2, China dominated, with the U.S. and Russia in the second and third place slots.