The first half of 2014 has seen the largest number of volumetric DDoS attacks over 100Gbps ever, although the average size has reduced since the first quarter, according to the latest stats from Arbor Networks.
The firm’s Active Threat Level Analysis System (ATLAS) gathered data from over 290 ISPs and discovered 111 DDoS events over 100Gbps in the first six months of the year.
It also revealed that already this year the number of attacks over 20Gbps has more than doubled the 2,573 events reported in the whole of 2013.
Attack duration is also up – from 54 minutes on average in Q1 to 98 minutes in Q2, for attacks over 10Gbps, Arbor said.
In terms of attack sources, South Korea was in the lead accounting for 15.1% - a rise of 2.6% since Q1 – with the US close behind with a 14.8% share, up 3.8% since the first three months of the year.
China was next, accounting for 6.7% of DDoS attacks seen, an increase of 2.8% since Q1 2014.
It must be mentioned that around 34% of all monitored events can’t be attributed by Arbor because of anonymisation and distribution techniques.
It’s not all doom and gloom, however, with attack size decreasing over the course of the first six months of 2014.
Average attack size is down by 47% from Q1 while the largest attack size has reduced by 101%, from 325Gbps to 155Gbps.
NTP amplification attacks also appear to be on the wane. They now account for 6% of all DDoS events, down from 14% in Q1, and account for 34% of attacks over 10Gbps, down from 56% three months ago.
When it comes to attacks over 100Gbps, NTP amplification is becoming even less popular, with such events accounting for 49% where the share was 85% back in Q1, Arbor revealed.
This backs up data from other sources. DDoS prevention firm NSFOCUS reported last month that vulnerable NTP servers numbered around 21,000 globally in March and then dropped further to 17,600 in May.
This is a significant reduction from the 432,120 discovered back in December last year and comes after warnings from the US-CERT that attackers were abusing vulnerable NTP servers to overwhelm victim IT systems.
A handy infographic from Arbor can be found here.