DDoS Average Attack Size Jumps over 200% in Q2

The average size of DDoS attacks in the last quarter grew a staggering 216% from Q1 2014, with nearly two-thirds coming in at over 1Gbps, according to the latest report from Verisign.

The security firm claimed in its Q2 Distributed Denial of Service Trends Report that there was a “marked increase in volumetric DDoS activity” during the period, with attacks reaching a peak of 300 Gbps – a whopping 291% year-on-year increase.

Peak attack size grew 87% year-on-year, with Media and Entertainment (43%) and IT Services/Cloud/SaaS (41%) the hardest hit.

“Verisign observed increasing complexity in second-quarter DDoS attacks, including attacks that quickly and unpredictably changed vectors over the course of the mitigation,” the report noted.

“Verisign saw sophisticated TCP and UDP floods that targeted specific custom application ports and continuously switched vectors. The primary attack vector continues to be UDP based NTP reflective attacks generating significant volumetric attack scale against online businesses.”

Unlike other DDoS prevention firms, which have pointed to a decline in UDP-based NTP attacks of late, Verisign said such campaigns “continued steadily” through the quarter.

“Many organizations do not use or trust external systems for their NTP, so in this case the solution can be as easy as restricting or rate limiting NTP ports inbound/outbound to only the authenticated/known hosts,” the firm added.

“The real danger of an NTP attack is volume as a result of feasible amplification vectors it provides.”

Verisign's chief security officer, Danny McPherson, argued that attacks are growing thanks to the ready availability of cheap, easy-to-use DDoS tools.

"The key is having a preparedness plan in advance of an attack, just like a company would for any other type of business-critical issue associated with operating a business," he told Infosecurity.

"You don’t want to be dealing with figuring out a plan for the first time when you’re under attack."

In this instance, outsourcing to a cloud-based DDoS prevention specialist is the best choice as it frees up corporate bandwidth and IT manpower, McPherson added.

However, contrary to Verisign's report several sources indicate NTP attacks are in fact on the wane.

After the US-CERT highlighted the threat back in January a major patching operation dramatically reduced the number of NTP servers vulnerable to DDoS-ers, according to NSFOCUS.

In June the firm claimed that the number of said servers dropped from over 430,000 in December 2013 to just 17,600 in May.

Arbor Networks, meanwhile, said that as of Q2 NTP amplification attacks accounted for 6% of all DDoS events, down from 14% in Q1. They also accounted for 34% of attacks over 10Gbps, down from 56% in Q1.

The firm added that average attack size dropped 47% from Q1 to Q2 while the largest attack size reduced by 101%, during the period.

What’s Hot on Infosecurity Magazine?