Verisign just released its Q3 2014 DDoS Trends Report, which details observations and insights derived from distributed denial of service attack mitigations enacted on behalf of, and in cooperation with, customers of Verisign DDoS Protection Services from July through September of this year. Many notable observations were made, including a rise in the average number of attacks per customer, exploitation of the recently publicized SSDP vulnerability and some notable malicious code trends that will likely contribute to increased DDoS attack activity in the future.
The Evolving Threat of Amplification DDoS Attacks
If there is one trend in the cybersecurity world over the last 12 to 18 months that cannot be ignored, it is the increasing prevalence and destructive power of amplification-based distributed denial of service (DDoS) attacks.
An amplification attack is a two-part DDoS attack that generally uses the User Datagram Protocol (UDP). An attacker first sends a large number of small requests to unsuspecting third-party servers on the internet. The attacker crafts these requests to result in large responses, but they are otherwise normal except that their source addresses are rewritten (spoofed) so they appear to have come from the victim instead of the attacker. When all the third-party servers send their large responses to the victim, the resulting amount of traffic is much more than the attacker could have generated alone. These attacks often overwhelm the resources of the victim, as attacks in the hundreds of gigabits per second (Gbps) are possible using this method.
Introducing the Verisign Quarterly DDoS Trends Report
In our observations, working with customers and industry partners, we have seen DDoS attacks continue to grow in size and frequency over the last few years. Further, attackers have expanded their reach from traditionally enterprise and nation-state targets to include companies of all types and sizes. As attackers evolve their sophisticated techniques and attack vectors, companies that don’t have the major bandwidth or expertise to combat these attacks are at a major disadvantage.
Almost Half of Companies Lack DDoS Response Plans
Joining Forces to Advance Protection Against the Growing Diversity of DDoS Attacks
You may have seen the news this morning that we have joined forces with Juniper Networks to provide a comprehensive, always on, DDoS solution. At Verisign, we focus on protecting companies from increasingly complex cyber threats, and this relationship should only raise the bar higher, as it will provide a different, more integrated approach than what’s used today, to help ensure faster and more efficient detection and mitigation.
How Financial Institutions Can Up Their Game Against DDoS Attacks
With the ease of access to the internet and prevalence of social media today, unsuspecting computer users are making it easier than ever for malicious actors to target them with malcode. This trend has helped provide the perfect environment for Distributed Denial of Service (DDoS) attacks to grow in size, complexity and range of targets. Today’s attacks are not limited to web infrastructure; attackers are increasingly targeting the Domain Name System (DNS) infrastructure as well. This trend has been particularly noticeable in the financial industry, which has been hit hard over the last year.
Tips to Protect E-Commerce Website Availability and Security During the Holidays
With the holiday shopping season quickly approaching, internet retailers are gearing up for an onslaught of web traffic – which is great, as long as they have the right measures in place to keep their customers safe and satisfied.
Even one hour of downtime due to a website outage or a malicious attack can have significant impact on a retailer’s reputation and revenue, especially during the holidays, a time which the National Retail Federation says can add up to 40 percent of an online retailer’s annual revenue. With some large e-commerce sites earning millions each day during the holiday season, even a few minutes of downtime can lead to financial losses in the tens of thousands of dollars, not to mention customer frustration.
Cloud-Based DDoS Protection and Managed DNS Services Helping to Increase Operational Efficiency and Thwart Large Attacks
As businesses continue to move critical operations online, distributed denial of service (DDoS) attacks are increasing in frequency, sophistication and range of targets. In a 2011 Verisign study, 63 percent of respondents reported experiencing at least one attack that year, while 51 percent reported revenue loss as a result of downtime from the attack. Those numbers are undoubtedly higher today as the size, frequency and complexity of DDoS attacks continue to grow. Mitigation against these types of attacks is challenging and generally requires layered solutions across data centers and the cloud management. The success of these attacks and their ability to damage a company’s infrastructure, revenue and reputation is indicative that many IT managers still haven’t found the right protection formula to proactively mitigate them.