Verisign Distributed Denial of Service Trends, observed attack trends of July – September, Q2 2018. This report provides a unique view into attack trends, including attack statistics, behavioural trends and future outlook. It is compiled on the basis of observations and insights about attack frequency and size obtained from mitigations enacted on behalf of customers of Verisign DDoS Protection Services.
DDoS Attacks Increase in Size and Number
Verisign observed that 58% of DDoS attacks were over 1 Gbps. When comparing Q2 2018 to Q1 2018, Verisign saw a 35 percent increase in the number of attacks and a 49 percent decrease in the average of attack peak sizes. Year-over-year, the average of attack peak sizes increased 111 percent. Verisign additionally observed that 62 percent of its customers who experienced DDoS attacks in Q2 2018 were targeted multiple times during the quarter. Overall, DDoS attacks remain unpredictable and vary widely in terms of speed and complexity.
Multi-Vector DDoS Attacks Remain Constant
52% of DDoS attacks mitigated by Verisign in Q2 2018 employed multiple attack types. Verisign observed attacks targeting networks at multiple layers and attack types that changed over the course of a DDoS event. Today’s DDoS attacks require continuous monitoring to optimize mitigation strategies.
Types of DDoS Attacks
UDP flood attacks were the most common attack vector in Q2 2018, accounting for 56 percent of total attacks in the quarter. The most common UDP floods included Domain Name System (DNS), Lightweight Directory Access Protocol (LDAP), Network Time Protocol (NTP) and Simple Network Management Protocol (SNMP) amplification attacks.
Largest Volumetric Attack and Highest Intensity Flood Attack
The largest volumetric DDoS attack observed by Verisign in Q2 2018 was a UDP fragment flood that peaked at approximately 42 Gbps and 3.5 Mpps and lasted approximately 3 hours. The highest intensity DDoS attack observed by Verisign in Q2 2018 was a multi-vector attack that peaked at approximately 38 Gbps and 4.7 Mpps and lasted for approximately 2 hours. The attack consisted of a wide range of attack vectors, including DNS, NTP and SNMP amplification attacks and TCP SYN and TCP RST floods.