Volumetric DDoS activity up big-time in Q2 2014, report indicates

Volumetric distributed denial-of-service (DDoS) activity is up big-time in the second quarter of this year.

From April 1 to June 30, researchers observed DDoS attacks peaking at about 300 Gbps/24 Mpps for UDP floods and roughly 35 Gbps/91 Mpps for TCP, according to the Verisign DDoS trends report for the second quarter of 2014.

That marks a 216 percent increase over last quarter, and a 291 percent increase over the same quarter in 2013, according to the report, which adds that UDP-based NTP reflective attacks continue to be the biggest DDoS attack vector.

“Because UDP is a connectionless protocol, its packets are easily spoofed and many applications such as NTP yield large amplification vectors,” Danny McPherson, CSO of Verisign, said in a Thursday email correspondence. “As a result many ISPs have begun rate limiting NTP, although it is still extremely virulent.”

Attackers continue to set their DDoS sights on the same industries; 43 percent of attacks are aimed at entertainment and media customers and 41 percent are directed at IT services, cloud and SaaS verticals, according to the report.

The problem is compounded because 65 percent of attacks in the second quarter of this year were more than 1 Gbps – a figure that McPherson said he found significant.

“DDoS attacks upon financial institutions, SaaS providers, and media outlets provide some of the most effective methods of accomplishing hacktivism objectives,” McPherson said. “This is due to the often global impact and publicity resulting from a successful attack.”

It is also easy and cost-effective to launch massive DDoS attacks from afar and see an immediate impact on the targeted organization, McPherson said, going on to add that the days of protesting outside a company's headquarters are no more. “It's actually easier for them to take down a company's network and hurt their bottom line and reputation using a DDoS attack,” he said.

Highlighted in the report is the largest DDoS attack – it peaked at 300 Gbps – that Verisign has ever observed and mitigated, which happened in the second quarter of this year against a media and entertainment services customer.

The attack lasted longer than 30 hours, and McPherson said, “[W]hat was most surprising about it was that reflective amplification techniques were not used in the attack. It was straight bot traffic. This is very rare for an attack of this size.”

DDoS attacks are a way of life, but unfortunately it does not seem that organizations are preparing, McPherson said.

Citing a Verisign-commissioned study conducted by Forrester Research, McPherson said that 57 percent of respondents reported not having a DDoS response plan in place. And 53 percent admitted to having difficulties attempting to detect and mitigate DDoS and DNS threats against multiple systems and ISP links, he added.

“Outsourcing DDoS and DNS protection to a cloud-based provider can be a great solution as it allows for upstream resources to be protected from attacks, eliminates any issues with bandwidth in the case of an attack, and frees up IT personnel to focus on other issues,” McPherson said, adding that the traditional bandwidth overprovisioning and firewalls are no longer enough.
