DNS-Based Threats: DNS Reflection and Amplification Attacks

The Domain Name System (DNS), if not properly secured, may be susceptible to abuse by malicious actors. Cybercriminals recognize the value of DNS availability and look for ways to compromise DNS uptime and the DNS servers that support it. As such, DNS becomes an important point of security enforcement and a potential point in the Cyber Kill Chain®1 for many cyber-attacks.

This blog discusses one such threat, DNS reflection and amplification attacks.

(more…)

Q3 2017 DDoS Trends Report: 29 Percent of Attacks Employed Five or More Attack Types

Verisign just released its Q3 2017 DDoS Trends Report, which represents a unique view into the attack trends unfolding online, through observations and insights derived from distributed denial of service (DDoS) attack mitigations enacted on behalf of Verisign DDoS Protection Services and security research conducted by Verisign Security Services.

Download your free copy of the Q3 2017 DDoS Trends Report

(more…)

A Framework for Resilient DNS Security: DNS Availability Drives Business

To establish connectivity with other users and devices, almost anything that interfaces with the internet depends on the accuracy, integrity and availability of the Domain Name System (DNS). Most online transactions and data movement are critically dependent on DNS services.

As such, DNS is an important point of security enforcement and a potential point in the Cyber Kill Chain for many cyber-attacks. Organizations are beginning to recognize this and are using DNS security mechanisms as a first line of defense for preventing or mitigating online threats.

(more…)

Q2 2017 DDoS Trends Report: 25 Percent of Attacks Peaked Over 5 Gbps

Cover of the Q2 2017 DDoS Trends Report
Download your free copy of the Q2 2017 DDoS Trends Report

Verisign just released its Q2 2017 DDoS Trends Report, which represents a unique view into the attack trends unfolding online, through observations and insights derived from distributed denial of service (DDoS) attack mitigations enacted on behalf of Verisign DDoS Protection Services and security research conducted by Verisign Security Services.

(more…)

Verisign Extends its DNS Firewall Service to Include Protection of Microsoft Azure Cloud Workloads

Verisign is excited to announce that its easy-to-configure, cloud-based, recursive DNS filtering service, Verisign DNS Firewall, is now certified to run on Microsoft Azure. This service will help protect your Microsoft Azure virtual machines from malware command-and-control traffic and navigation to undesirable websites.

(more…)

Verisign Named to the Online Trust Alliance’s 2017 Audit and Honor Roll

Verisign is pleased to announce that we qualified for the Online Trust Alliance’s (OTA) 2017 Honor Roll for showing a commitment to best practices in security, privacy and consumer protection. This is the fifth consecutive year that Verisign has received this honor.

The OTA is an initiative within the Internet Society (ISOC) with the mission to promote best practices for online trust. Now in its ninth year, the 2017 OTA audit analyzed nearly 1,000 websites across multiple industry segments, evaluating the websites for consumer protection, security and privacy protection practices, and has been embraced by organizations worldwide as an objective benchmark report.

(more…)

Q1 2017 DDoS Trends Report: 26 Percent Increase in Average Peak Attack Size

Q1 2017 DDoS Trends Report
Download your free copy of the Q1 2017 DDoS Trends Report

Verisign just released its Q1 2017 DDoS Trends Report, which represents a unique view into the attack trends unfolding online, through observations and insights derived from distributed denial of service (DDoS) attack mitigations enacted on behalf of Verisign DDoS Protection Services.

(more…)

Market Landscape: The Botnet Ecosystem

Launching a DDoS attack is much more accessible to attackers thanks to the rise of cloud computing, cheap hosting, readily available bandwidth and open-source attack tools. From low-skilled teenagers aiming to cheat while playing online games to cybercriminals looking to supplement their income by renting out their botnets for opportunistic attacks, the DDoS-for-hire market is booming.

(more…)

Q4 2016 DDoS Trends Report: 167 Percent Increase in Average Peak Attack Size from 2015 to 2016

Q4 2016 DDoS Trends Report
Download your free copy of the Q4 2016 DDoS Trends Report

Verisign just released its Q4 2016 DDoS Trends Report, which represents a unique view into the attack trends unfolding online, through observations and insights derived from distributed denial of service (DDoS) attack mitigations enacted on behalf of Verisign DDoS Protection Services and security research conducted by Verisign iDefense Intelligence Services.

(more…)

Q3 2016 DDoS Trends Report: UDP Flood Attacks Make Up 49 Percent of Attacks

Verisign just released its Q3 2016 DDoS Trends Report, which provides a unique view into online distributed denial of service (DDoS) attack trends from mitigations enacted on behalf of Verisign DDoS Protection Services and research conducted by Verisign iDefense Security Intelligence Services.

User Datagram Protocol (UDP) flood attacks continue to dominate in Q3 2016, making up 49 percent of the total attacks in the quarter. The most common UDP flood attacks mitigated were Domain Name System (DNS) reflection attacks, followed by Network Time Protocol (NTP) reflection attacks.

The highest intensity flood attack in Q3 2016 was a TCP SYN flood that peaked at approximately 60 Gigabits per second (Gbps) and 150 Million packets per second (Mpps). This flood attack is one of the highest packets per second attacks ever observed by Verisign, surpassing the previous flood of 125 Mpps mitigated by Verisign in Q4 2015.

The largest attack in Q3 2016 utilized the Generic Routing Encapsulation (GRE) protocol (IP protocol 47) and peaked at 250+ Gbps and 50+ Mpps. This is the first time Verisign observed this type of attack against our customer base.

(more…)