In our observations, working with customers and industry partners, we have seen DDoS attacks continue to grow in size and frequency over the last few years. Further, attackers have expanded their reach from traditionally enterprise and nation-state targets to include companies of all types and sizes. As attackers evolve their sophisticated techniques and attack vectors, companies that don’t have the major bandwidth or expertise to combat these attacks are at a major disadvantage.
To help raise awareness of the growing threat of DDoS attacks, Verisign has aggregated data derived from mitigations enacted on behalf of, and in cooperation with, the Verisign DDoS Protection Services global customer base from Jan. 1 – March 31, 2014 in its inaugural Q1 2014 DDoS Trends Report. Below are some highlights of the findings:
- Verisign saw an 83-percent increase in average attack size over the previous quarter (Q4 2013) and an approximate 6-percent increase over the same quarter last year (Q1 2013).
- Attackers launched massive amplification attacks using Network Time Protocol (NTP) reflector and DNS amplification techniques against customer targets and infrastructure providers. The most common volumetric attack size ranged from 50-75 gigabits per second (Gbps). Many of these large-scale NTP attacks were targeted at major banks and financial services companies.
- Approximately 30 percent of attacks against Verisign clients were targeted specifically at the application layer (the SSL layer in particular), requiring Verisign to employ advanced mitigation techniques.
- Attackers are targeting a much broader set of vertical industries than just the financial services sector. Media and entertainment represented the most frequently attacked vertical in Q1 with a 33-percent increase as compared to 2013, followed by the IT Services/Cloud/SaaS sector.
In addition, while DNS amplification attacks are still common and NTP reflection attacks have emerged as a formidable attack vector, we also saw indications that attackers could further exploit other User Datagram Protocols (UDP) for large amplification attacks in the near future. This could be an attractive vector due to the simplicity and stateless nature of UDP. We are already starting to see attacks taking advantage of the Simple Network Management Protocol (SNMP), the UDP-based network management protocol that is enabled on every network device (routers, switches, etc.).
This is concerning, as data from a recent Verisign-commissioned study conducted by Forrester Research shows that many enterprises aren’t taking steps to protect themselves — even as high-profile DDoS attacks continue to make headlines. Only 57 percent of respondents in the Forrester study reported that they currently had a DDoS response plan in place, and 53 percent indicated difficulties when attempting to detect and mitigate DDoS and DNS threats against multiple systems and ISP links.
There never has been a more critical time for companies to invest in their online security than today. Whether it is by partnering with a service provider like Verisign for DDoS Protection Services, or by developing an in-house solution, the key is to make sure you have a detection and mitigation plan in place because in today’s ever-evolving cyberthreat landscape it is no longer a matter of if, but when you will be hit with a DDoS attack.
To learn more about whether your infrastructure is capable of handling a multi-vector DDoS attack, join me and Forrester Principal Analyst Rick Holland for a webinar on June 19, during which we will present an overview of DDoS trends, the results of the Forrester research and tips for IT security and operations professionals on how to improve DDoS attack readiness.
Register now for the Verisign and Forrester webinar, titled, “Is Your Infrastructure Capable of Handling a Multi-Vector Attack” on June 19.