DDoS attacks appear to be increasing in frequency and scaling in size. Most reports show a near-continuous stream of increasing risk and higher attack volume, but Verisign's Q2 2016 research report suggests that the trend has always been the case.
Verisign publishes a DDoS Trends Report every quarter. This edition is compiled from data derived on behalf of, and in cooperation with, Verisign DDoS Protection Services customers, and from research conducted by Verisign iDefense Security Intelligence Services, from April 1, 2016 through June 30, 2016. The report offers a unique view into the attack trends unfolding online, including attack statistics and behavioral trends for Q2 2016.
Comparing year-over-year attack activity, Verisign mitigated 75% more attacks in Q2 2016 than in Q2 2015. The largest and fastest DDoS attack mitigated by Verisign in Q2 2016 peaked at 256 Gbps for about 15 minutes before settling in at more than 200 Gbps for almost two hours. The company notes that every industry is at risk as DDoS attacks continue to increase in frequency, consistency and complexity.
Verisign also placed a large emphasis in its report on low-volume application layer, or Layer 7, attacks, which search for vulnerabilities in application code and exploit HTTP/S field headers within request packets to disable applications. Layer 7 attacks are known as some of the most difficult cyberattacks to mitigate because they mimic normal user behavior and are harder to identify, often requiring multiple advanced filtering techniques. These attacks can include SQL injection, which sends deceptive instructions to databases to steal information, and are often accompanied by much larger UDP or TCP floods to distract the target from the Layer 7 attack component.
Other notable observations:
- The average peak attack size in the second quarter was 17.37 Gbps, an increase of 214% over Q2 2015. However, it is down from the 19.37 Gbps reported in Q1 2016.
- A full 75% of attacks peaked over 1 Gbps, and 32% exceeded 10 Gbps.
- 64% of DDoS attacks detected in Q2 2016 employed multiple attack types, indicating that DDoS attacks continue to increase in complexity.
- User Datagram Protocol (UDP) flood attacks continue to dominate, accounting for approximately 56% of attacks in Q2 2016.
- 45% of DDoS attacks targeted the IT/Cloud/SaaS industries, followed by financial services at 23% and the public sector at 14%.