Distributed denial of service (DDoS) attacks are decreasing in number, even as traffic volumes grow, according to analysis from Verisign from its mitigation services.
According to the Q1 2017 DDoS Trends Report, the company’s infrastructure saw a 23% decrease in the number of attacks in Q1 2017; however, the average peak attack size increased 26% compared to the previous quarter. Overall, average peak attack sizes have been noticeably larger since Q1 2016, it said, with peak sizes more than 10Gbps.
The largest volumetric and highest intensity DDoS attack observed by Verisign in Q1 2017 was a multi-vector attack that peaked over 120Gbps and around 90 million packets per second (Mpps). This attack sent a flood of traffic to the targeted network in excess of 60Gbps for more than 15 hours.
“The attack was notable because the attackers were persistent, sending attack traffic on a daily basis for over two weeks,” Verisign noted. “The attack consisted primarily of TCP SYN and TCP RST floods of varying packet sizes, and employed one of the signatures associated with the Mirai IoT botnet. The event also included UDP floods and IP fragments which increased the volume of the attack.”
The analysis also showed that 57% of the DDoS attacks mitigated by Verisign in Q1 2017 employed multiple attack types, while 46% of them were UDP floods. TCP-based attacks were the second most common attack vector, making up 33% of attack types in the quarter.
And perhaps unsurprisingly, the IT/cloud/SaaS industry, representing 58% of mitigation activity, was the most frequently targeted industry for the tenth consecutive quarter. That was followed by the financial sector, which represented 28% of mitigation activity. Media services was No 3, at 7%.