Verisign’s latest quarterly DDoS Trends Report, looking at the three months to June 2015, has found a noticeable rise in distributed denial of service (DDoS) attacks, with finance, and especially Bitcoin, a particular focus.
Key findings include the observation that DDoS attack sizes are growing: attacks over 5Gbps accounted for 18% of all such occurrences, an increase of 2% on the previous quarter. The average attack size increased to 5.53Gbps, 52% higher than Q1 2015, and 38% of attacks peaked at more than 1Gbps; 20% of attacks were 15Gbps in size.
Verisign also noted a continued upward trend in the number of attacks in Q2 and mitigated 34% more attacks in the first half of 2015 than in the first half of 2014. IT services/cloud/SaaS customers experienced the largest volume of attacks in Q2, representing over a third of all attacks.
Yet perhaps the most noteworthy observations were made in the DDoS for Bitcoin (DD4BC) attacker group category, regarding which Verisign’s customer base experienced increased activity. This was in the form of ransom threats, some of which culminated in actual DDoS attacks.
Even though most DDoS attacks were found to range from 1–5Gbps, Verisign mitigated DDoS larger attacks, peaking at 25Gbps in July 2015. Additionally, almost a third of the DDoS attacks mitigated by Verisign under the 1Gbps range were found to be driven in part by the DD4BC campaign and targeted the financial industry.
The report also highlighted one of the most prolific DD4BC cyber-attacks whereby a small group of people –likely fewer than five – conducted extortion operations globally against at least three-dozen known targets in industries including banking, exchanges (Bitcoin specifically) and gaming.
Looking at verticals, the report identified the financial (and payments) sector as the second most targeted industry, making up 22% of attacks mitigated, up from 18% in Q1 2015 and largely driven by the DD4BC attacker group. The media and entertainment industry was also heavily targeted, representing a fifth of all mitigations in the quarter.