The growing Internet-savvy world is witnessing sophisticated attacks. Year-long DDoS attacks have taken the blemish spots. The largest volumetric and highest intensity DDoS attack observed by Verisign in Q1 2017 was a multi-vector attack that peaked over 120 Gbps and around 90 Mpps.
Key attack trends Verisign observed in Q1 2017 (January – March):
Verisign saw a 23 percent decrease in the number of attacks in Q1 2017; however, the average peak attack size increased 26 percent compared to the previous quarter. Attackers also launched sustained and repeated attacks against their targets. In fact, Verisign observed that almost 50 percent of customers who experienced DDoS attacks in Q1 2017 were targeted multiple times during the quarter. Every quarter since the first quarter of 2016 has had average attack peak sizes of over 10 Gbps.
Multi-Vector DDoS Attacks are the Norm
Verisign observed DDoS attacks targeting victim networks at multiple network layers and attack types changing over the course of DDoS events, thus requiring continuous monitoring to optimize the mitigation strategy. 57 percent of DDoS attacks in Q1 2017 utilized at least two different attack types. UDP flood attacks continue to lead in Q1 2017, making up 46 percent of total attacks in the quarter. The most common UDP floods mitigated were Domain Name System (DNS) reflection attacks, followed by Network Time Protocol (NTP) and Simple Service Discovery Protocol (SSDP) reflection attacks. While UDP-based attacks continued to dominate the types of attacks deployed, the number of TCP-based attacks increased. TCP floods, largely consisting of TCP SYN and TCP RST floods, were the second most common attack vector, making up 33 percent of attack types in the quarter.
Largest Volumetric Attack and Highest Intensity Flood
The largest volumetric and highest intensity DDoS attack observed by Verisign in Q1 2017 was a multi-vector attack that peaked over 120 Gbps and around 90 Mpps. This attack sent a flood of traffic to the targeted network in excess of 60 Gbps for more than 15 hours. The attackers were very persistent in their attempts to disrupt the victim’s network by sending attack traffic on a daily basis for over two weeks. The attack consisted primarily of TCP SYN and TCP RST floods of varying packet sizes and employed one of the signatures associated with the Mirai IoT botnet. The event also included UDP floods and IP fragments which increased the volume of the attack.
At approximately 90 Mpps, the speed of the attack was the fastest pps rate observed in Q1 2017. SYN flood attacks at such high pps rates can be disruptive and require a highly scalable cloud-based service that can quickly and effectively defend against such attacks.
Mitigations on Behalf of Verisign Customers by Industry for Q1 2017:
- 58% of mitigations; average attack size of 22.5 Gbps
- 28% of mitigations; average attack size of 1.7 Gbps
- 6% of mitigations; average attack size of 0.63 Gbps
- 4% of mitigations; average attack size of 32.6 Gbps
- Public Sector: 2% of mitigations; average attack size of 31.9 Gbps
- 2% of mitigations; average attack size of 0.51 Gbps
Attacks Against the Financial Sector Increase
The financial sector continues to be a constant target for DDoS attacks. In Q1 2017, Verisign’s financial sector customers experienced the second highest number of DDoS attacks (28 percent) of any industry sector within Verisign’s customer base (a large increase from only 7 percent during the prior quarter). IT Services/Cloud remained the sector with the largest number of DDoS attacks in Q1 2017.
Combining technology and the human element to mitigate DDoS attacks
In Q1 2017, Verisign observed that 57 percent of DDoS attacks against its customer base utilized multiple attack vectors. As DDoS attacks increase in complexity and size, combating them becomes more challenging. In response, organizations need not only technology capable of meeting this growing threat, but also the right human element. Technical staff with DDoS expertise working in tandem with technology is highly beneficial in keeping networks and infrastructures available during an attack.
Various on-premise firewalls and dedicated DDoS appliances are intended to preemptively stop malicious traffic before it reaches a network. The appliances can be configured with countermeasures or rules to block traffic to certain ports or traffic in a non-compliant format. When configured properly, the associated malicious traffic will be effectively blocked and dropped before it reaches the intended servers. These appliances are adept at handling simple attacks such as SYN floods and UDP floods, allowing some of the processes, from detection to mitigation, to be automated. However, in order to fine-tune attack countermeasures and respond to changing attack tactics, it is important to have the right people working behind the scenes to most effectively combat a wide variety of attacks.
The Human Element
Attackers are using multiple tactics and adapting them midstream to impact their designated target. For example, Verisign observed that many Layer 7 attacks are regularly mixed in with Layer 3/Layer 4 DDoS flooding attacks. Volumetric flood attacks are easier to defend against than Layer 7 DDoS attacks, which pose a different challenge because it is difficult to distinguish legitimate human traffic from bot traffic. In such cases, a highly trained DDoS team with years of experience and expertise is needed to continuously monitor and adapt a mitigation approach to effectively differentiate bot versus human traffic.