Verisign Q4 2014 DDoS Trends: Public Sector Experiences Largest Increase in DDoS Attacks

Verisign just released our Q4 2014 DDoS Trends Report, which provides a unique view into online distributed denial of service (DDoS) attack trends from mitigations on behalf of, and in cooperation with, customers of Verisign DDoS Protection Services, and the security research of iDefense Security Intelligence Services. Many notable observations were made, including a rise in the average size of DDoS attacks against our customers; the most common attack vector continued to be User Datagram Protocol (UDP) amplification attacks leveraging Network Time Protocol (NTP), while Simple Service Discovery Protocol (SSDP) also continued to be exploited. Verisign also mitigated more attacks in December than any other month in 2014.

The most notable observation, however, is that public-sector customers experienced the largest increase in attacks, constituting 15 percent of total mitigations in Q4. Verisign believes the steep increase in the number of DDoS attacks levied at the public sector may be attributed to attackers’ increased use of DDoS attacks as tactics for politically motivated activism, or hacktivism, against various international governing organizations, as well as in reaction to various well-publicized events throughout the quarter, including protests in Hong Kong and Ferguson, Missouri. As outlined in iDefense’s 2015 Cyber Threats and Trends blog post, the convergence of online and physical protest movements contributed to the increased use of DDoS as a tactic against organizations, including the public sector, throughout 2014.

Following are highlights of various trends observed in the Q4 2014 DDoS Trends Report:

  • Average DDoS attack size saw a 14 percent increase over Q3 2014 and a 245 percent increase year over year.
  • Verisign observed sustained volumetric DDoS activity in Q4 2014, with DDoS attacks reaching 60 gigabits per second (Gbps)/16 Millions of packets per second (Mpps) for UDP floods and 55 Gbps/60 Mpps for Transfer Control Protocol (TCP)-based attacks.
  • IT/Services/Cloud/SaaS was the most frequently targeted industry in Q4, and experienced the largest volume of attacks, representing 33 percent of all mitigation activity.
  • Attacks against the Financial Services Industry doubled, accounting for 15 percent of all mitigations.
  • Verisign mitigated more DDoS attacks in December than in any other month of 2014. As described in the Q3 2014 Verisign DDoS Trends Report, the 2014 holiday season was in full swing in Q4, and Verisign has historically seen an increase in DDoS activity against customer organizations during this period each year.
  • 42 percent of attacks peaked at more than 1 Gbps, with 17 percent leveraging more than 10 Gbps of DDoS traffic.

Finally, the increasing availability of DDoS-for-hire services – also known as “booters” – presents a huge risk for security professionals, as they enable virtually anyone to hire skilled cyber criminals to launch a targeted DDoS attack for as little as $2 USD per hour. This quarter’s feature article, “DDoS-for-Hire Services Mean Greater Threat to Business,” outlines how this malicious marketplace works, and presents some sobering details on just how affordable hiring a DDoS attack has become.

For more on DDoS trends in Q4, access the full Q4 2014 report here. To read more about what we saw in Q3, including the increase in frequency in DDoS attacks of 10 Gbps in size, which accounted for 20 percent all mitigations in Q3, you can access that report here.

Be sure to check back in a few months when we release our Q1 2015 DDoS Trends Report.