Defending Against Layer 7 DDoS Attacks

By DDoS Protection, Security

Layer 7 attacks are some of the most difficult attacks to mitigate because they mimic normal user behavior and are harder to identify. The application layer (per the Open Systems Interconnection model) consists of protocols that focus on process-to-process communication across an IP network and is the only layer that directly interacts with the end user. A sophisticated Layer 7 DDoS attack may target specific areas of a website, making it even more difficult to separate from normal traffic. For example, a Layer 7 DDoS attack might target a website element (e.g., company logo or page graphic) to consume resources every time it is downloaded with the intent to exhaust the server. Additionally, some attackers may use Layer 7 DDoS attacks as diversionary tactics to steal information.

(more…)

Verisign Q2 2016 DDoS Trends: Layer 7 DDoS Attacks a Growing Trend

By DDoS Protection, Security

Verisign just released its Q2 2016 DDoS Trends Report, which provides a unique view into online distributed denial of service (DDoS) attack trends from mitigations enacted on behalf of customers of Verisign DDoS Protection Services and research conducted by Verisign iDefense Security Intelligence Services.

Every industry is at risk as DDoS attacks continue to increase in frequency, consistency and complexity. Comparing year-over-year attack activity, Verisign mitigated 75 percent more attacks in Q2 2016 than in Q2 2015. The largest attack mitigated by Verisign in Q2 2016 peaked at 250+ Gbps before settling in at 200+ Gbps for almost two hours.

Verisign also observed a growing trend of low-volume application layer, or Layer 7, attacks that probe for vulnerabilities in application code and exploit HTTP/S field headers within request packets to disable applications. These attacks were frequently coupled with high-volume UDP flood attacks to distract the victim from the Layer 7 attack component, often requiring multiple and advanced filtering techniques.

(more…)

Verisign Q1 2016 DDoS Trends: Attack Activity Increases 111 Percent Year Over Year

By DDoS Protection, Security

Verisign just released its Q1 2016 DDoS Trends Report, which provides a unique view into online distributed denial of service (DDoS) attack trends from mitigations enacted on behalf of customers of Verisign DDoS Protection Services and research conducted by Verisign iDefense Security Intelligence Services.

Every industry is at risk as DDoS attacks continue to increase in size, frequency and sophistication. The most notable observation last quarter is the increase in DDoS attack activity, which was at its highest since the inception of Verisign’s DDoS Trends Report in Q1 2014. Comparing year-over-year attack activity, Verisign mitigated 111 percent more attacks in Q1 2016 than in Q1 2015.

(more…)

Verisign Q4 2015 DDoS Trends: Attack Activity Increases 85 Percent Year Over Year

By DDoS Protection, Security

Verisign just released its Q4 2015 DDoS Trends Report, which provides a unique view into online distributed denial of service (DDoS) attack trends from mitigations enacted on behalf of customers of Verisign DDoS Protection Services and research conducted by Verisign iDefense Security Intelligence Services.

Every industry is at risk as DDoS attacks continue to increase in size, sophistication and frequency. The most notable observation last quarter is the increase in DDoS attack activity, which was at its highest since the inception of Verisign’s DDoS Trends Report in Q1 2014. Comparing year-over-year attack activity, Verisign mitigated 85 percent more attacks in Q4 2015 than in Q4 2014. Some customers were hit with persistent, repeated attacks over the quarter.

(more…)

Verisign DDoS Trends Report: Verisign Mitigates More Attack Activity in Q3 2015 Than Any Other Quarter During Last Two Years

By DDoS Protection, Security
As part of our efforts to support National Cyber Security Awareness Month by sharing the latest cybersecurity research, Verisign just released our Q3 2015 DDoS Trends Report, which represents a unique view into attack trends unfolding online for the previous quarter, including attack statistics and behavioral trends, derived from distributed denial of service (DDoS) attack mitigations enacted on behalf of, and in cooperation with, customers of Verisign DDoS Protection Services and the security research of Verisign iDefense Security Intelligence Services.
The most notable observation is DDoS attack activity increased in Q3 to the highest it has been in any quarter over the last two years. Quarter over quarter, Verisign mitigated 53 percent more attacks in the third quarter this year than in the preceding quarter.

(more…)

3 Key Steps for SMBs to Protect Their Website and Critical Internet Services

By DDoS Protection, Managed DNS, Security

The National Small Business Association (NBSA) recently released a report revealing that half of all small businesses have been the victim of a cyber-attack – and the cost of dealing with these attacks has skyrocketed to $20,752 per attack. In about a third of attacks, the victim’s website was taken down, often for days. The impact of such outages cannot be measured by the immediate lost revenue alone, as the long term impact of the harm to your reputation and customer loss cannot be easily calculated.

(more…)

Verisign OpenHybrid™ for Corero and Amazon Web Services Now Available

By DDoS Protection, Security

Verisign outlined its vision for a revolutionary new approach to Distributed Denial of Service (DDoS) protection by announcing the availability of the Verisign OpenHybrid™ architecture, which helps organizations protect their critical assets and applications across distributed environments from DDoS attacks, using a single solution. By integrating intelligence from a customer’s existing security defenses, Verisign OpenHybrid™ provides timely detection and restoration of services in the event of an attack, while providing increased visibility of DDoS threats across multiple environments such as private datacenters and public clouds.

In an earlier blog post on the topic, I noted the increasing scale and complexity of DDoS attacks, and the strong need for organizations to enable awareness and mitigation of attacks across on-premise devices, in addition to both public and private cloud environments using standards based open protocols.

Today we are pleased to announce two important updates in our path toward enabling open DDoS protection: the availability of Verisign OpenHybrid™ for Corero SmartWall TDS and Verisign OpenHybrid™ for customers hosted in the Amazon Web Services Elastic Compute Cloud.

(more…)

Verisign Q4 2014 DDoS Trends: Public Sector Experiences Largest Increase in DDoS Attacks

By DDoS Protection, Security

Verisign just released our Q4 2014 DDoS Trends Report, which provides a unique view into online distributed denial of service (DDoS) attack trends from mitigations on behalf of, and in cooperation with, customers of Verisign DDoS Protection Services, and the security research of iDefense Security Intelligence Services. Many notable observations were made, including a rise in the average size of DDoS attacks against our customers; the most common attack vector continued to be User Datagram Protocol (UDP) amplification attacks leveraging Network Time Protocol (NTP), while Simple Service Discovery Protocol (SSDP) also continued to be exploited. Verisign also mitigated more attacks in December than any other month in 2014.

The most notable observation, however, is that public-sector customers experienced the largest increase in attacks, constituting 15 percent of total mitigations in Q4. Verisign believes the steep increase in the number of DDoS attacks levied at the public sector may be attributed to attackers’ increased use of DDoS attacks as tactics for politically motivated activism, or hacktivism, against various international governing organizations, as well as in reaction to various well-publicized events throughout the quarter, including protests in Hong Kong and Ferguson, Missouri. As outlined in iDefense’s 2015 Cyber Threats and Trends blog post, the convergence of online and physical protest movements contributed to the increased use of DDoS as a tactic against organizations, including the public sector, throughout 2014.

(more…)

Verisign OpenHybrid™: An Essential New Approach to DDoS Protection

By DDoS Protection, Security

Distributed Denial of Service (DDoS) attacks are a threat to businesses worldwide and the attacks are getting larger and more sophisticated.  The industry’s approach to protecting against DDoS attacks must change, and change fundamentally, to stay ahead of this growing threat.

For too long, the problem has been tackled piecemeal, using isolated devices or services. But protecting against DDoS attacks increasingly requires communication and coordination between many components – from networking equipment, to specialized appliances and cloud-based services.

A shift in security architecture is needed to an open platform where devices and services from different vendors can share and act on information in concert. It must be a hybrid platform, allowing on-premise routers and security appliances to detect and mitigate attacks locally, while automating alerting and switchover to cloud-based services if an attack threatens to swamp the business’ network connection.

(more…)

The Evolving Threat of Amplification DDoS Attacks

By DDoS Protection, Security

If there is one trend in the cybersecurity world over the last 12 to 18 months that cannot be ignored, it is the increasing prevalence and destructive power of amplification-based distributed denial of service (DDoS) attacks.

An amplification attack is a two-part DDoS attack that generally uses the User Datagram Protocol (UDP). An attacker first sends a large number of small requests to unsuspecting third-party servers on the internet. The attacker crafts these requests to result in large responses, but they are otherwise normal except that their source addresses are rewritten (spoofed) so they appear to have come from the victim instead of the attacker. When all the third-party servers send their large responses to the victim, the resulting amount of traffic is much more than the attacker could have generated alone. These attacks often overwhelm the resources of the victim, as attacks in the hundreds of gigabits per second (Gbps) are possible using this method.

(more…)