Threat Management, Threat Management

Q2 DDoS activity up 83%, report

Nexusguard researchers noticed an 83 percent uptick in DDoS attacks in Q2 2016 compared to Q1.

Russia led the pack with both the largest number of attacks with 76,462 attacks detected this quarter and the largest percentage increase in attacks, up 1992 percent from Q1 2016, according to the firm's recent DDoS Threat Report.

China came in second with 28,399 attacks followed by the U.S. with 23,738 attacks, France with 13,953 attacks, Great Brittan with 4,334 attacks, Germany with 3,526 attacks, and Canada with 2,773 attacks.

Researchers noted a decrease by more than half in the number of attacks targeting Brazil which fell to 2,318 attacks, although the decrease wasn't enough to bump the nation out of the top 10.

The most notable DDoS assault targeted a Russian telecom company which targeted 51,630 IPs on the Starlink network, the report said. An energy products company, a bank, a medical device manufacturer, and a clinic were also affected by the attack.

NTP was the leading attack methodology by a small margin followed by DNS, the method used in the Starlink attack, and that it appears the two methods are preferred for attacks targeted at individuals.

“We also hypothesize that DNS is becoming increasingly effective at taking down its targets,” the post said. “We believe this is related to the mysterious ACLs that we have observed moving across transit providers for port 123 packets exceeding 500 bytes in size.”

Acknowledging that “predictions are unreliable due to human activity,” Nexusguard Chief Scientist Terrence Gareau told via email comments he expects that there will be increases in DDoS attacks over the next quarters due to a “global media event” where threat actors may target high profile targets for attention.

In addition Gareau warned that potential targets keep in mind that DDoS attacks aren't always limited to a single target.

“With the Russian incident, many businesses that were customers of the ISP felt the repercussions of the event,” he said. “Even though there might only have been one real target, collateral damage cannot be avoided.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.