Verisign just released its Q3 2014 DDoS Trends Report, which details observations and insights derived from distributed denial of service attack mitigations enacted on behalf of, and in cooperation with, customers of Verisign DDoS Protection Services from July through September of this year. Many notable observations were made, including a rise in the average number of attacks per customer, exploitation of the recently publicized SSDP vulnerability and some notable malicious code trends that will likely contribute to increased DDoS attack activity in the future.
Most notable, however, is the increase in frequency of DDoS attacks exceeding 10 Gbps in size, accounting for more than 20 percent of all mitigations, with the largest observed attack (90 Gbps) experienced by an E-commerce customer. This attack was a pulsing User Datagram Protocol (UDP) flood employed in short bursts of 30 minutes or fewer. It consisted primarily of Network Time Protocol (NTP) reflective amplification attack traffic. This activity was aimed at disrupting the critical online commerce capability of the customer and was successfully mitigated by Verisign.
With the 2014 holiday season in full swing, the E-commerce and Financial industries must be particularly vigilant and prepared for DDoS attacks during their peak revenue and customer interaction season. Historically, Verisign has seen an increase in DDoS activity against these verticals during the holidays and anticipates that this trend will continue. This highlights the need for more advanced DDoS protection capabilities other than the standard defenses of over-provisioning of bandwidth and on-premise mitigation devices, which are rendered ineffective the moment a DDoS attack exceeds an organization’s upstream bandwidth, or their Internet service provider’s capacity.
Following are highlights of various trends observed in the Q3 2014 DDoS Trends Report:
- Attacks exceeding 10 Gbps in size increased in frequency to account for more than 20 percent of all mitigations.
- Attackers were persistent in launching attacks against targeted customers, averaging more than three separate attempts per target.
- For the first time, Verisign has directly observed attackers using a new protocol for UDP reflection attacks: Simple Service Discovery Protocol (SSDP / UDP port 1900).
- The most frequently targeted industry this quarter was Media and Entertainment, representing more than 50 percent of all mitigation activity.
- The largest attacks targeted the E-Commerce industry, with the largest peaking at more than 90 Gbps.