Q1 2015 DDoS Attacks Spike, Targeting Cloud

In the first quarter of 2015, there were more distributed denial of service (DDoS) attacks than anytime during 2014—and there was a 7% increase from the previous quarter.

According to research from the Verisign iDefense Security Intelligence Services, the frequency of attacks against both public sector and financial services customers increased; each grew from 15% in Q4 2014 to represent 18% of all Verisign mitigations in Q1 2015. But the most-attacked industry was the IT services/Cloud/SaaS sector, representing more than one-third of all mitigation activity.

“Since the early days of the Internet, malicious actors have used DDoS attacks as tools of protest, financial gain, retaliation and simple mischief,” the report noted. “Today’s DDoS attackers choose their targets and tactics for a number of reasons, many of which may not be clearly evident to the victims or the security professionals and law enforcement organizations who assist them.”

The ready availability of an increased number of DDoS toolkits and DDoS botnets for hire may also have contributed to increased attacks against these industries in Q1—and that several high-profile events on the world stage probably also contributed to the increase.

“Verisign believes this increase in attacks may be partially attributed to an increased employment of DDoS attacks as part of political activism, or hacktivism, against financial services firms and various international governing organizations,” the report noted. “Verisign also believes that these attacks may be in reaction to various well-publicized events throughout the quarter, including the Charlie Hebdo terrorist attacks in Paris, France, and protests in Venezuela, Saudi Arabia and the United States.”

In terms of volume, over half of all attacks peaked at more than 1Gbps, 34 percent of attacks peaked between 1Gbps and 5Gbps, and nearly 10 percent of attacks peaked at more than 10Gbps.

There were a few volumetric DDoS attacks too, with sizes that peaked in the double-digits; these were User Datagram Protocol (UDP) floods. The largest of these clocked in at 54Gbps/18 million packets per second (Mpps) and was primarily a UDP-reflection attack leveraging the Network Time Protocol (NTP) and Simple Service Discovery Protocol (SSDP) functions, in combination with a lower volume of SYN flood traffic. The attack targeted a cloud customer and persisted for approximately four hours.

VeriSign also saw 8 Gbps/22 Mpps for TCP-based attacks.

“Regardless of their motivations, however, DDoS attackers are proving more adept and effective than ever at disrupting their targets, and network-dependent organizations of all industries, types and sizes should consider their risk and prepare accordingly,” the report concluded.

What’s Hot on Infosecurity Magazine?