Verisign Q2 2015 DDoS Trends: DDoS for Bitcoin Increasingly Targets Financial Industry

Verisign just released its Q2 2015 DDoS Trends Report, which provides a unique view into online distributed denial of service (DDoS) attack trends from mitigations enacted on behalf of, and in cooperation with, customers of Verisign DDoS Protection Services and research conducted by Verisign iDefense Security Intelligence Services.

Many notable observations were made, including:

  • Attacks over five Gbps accounted for 18 percent of all attacks, an increase of two percentage points over Q1 2015.
  • Verisign continued to see an upward trend in the number of attacks in Q2 and mitigated 34 percent more attacks in the first half of 2015 than in the first half of 2014.
  • IT Services/Cloud/SaaS customers experienced the largest volume of attacks in Q2, representing over one-third of all attacks.

The most notable observation is that Verisign’s customer base experienced increased activity from the DDoS for Bitcoin (DD4BC) attacker group in the form of ransom threats, some of which culminated into actual DDoS attacks. While most DDoS attacks range between one to five Gbps, Verisign mitigated DDoS attacks by this group peaking at 25 Gbps in July 2015 (outside of the Q2 period). Additionally, almost a third of the DDoS attacks mitigated by Verisign under the one Gbps range were driven in part by the DD4BC campaign and targeted the Financial industry.

Following are additional highlights of trends observed:

  • The largest volumetric attack Verisign defended in Q2 was a User Datagram Protocol (UDP) flood with a mix of Network Time Protocol (NTP) and Simple Service Discovery Protocol (SSDP) traffic that targeted the Media and Entertainment industry and peaked at 82 Gbps and 22 Mpps.
  • The average attack size increased to 5.53 Gbps, 52 percent higher than Q1 2015.
  • Thirty-eight percent of attacks peaked at more than one Gbps and 20 percent of attacks were between one and five Gbps.
  • The primary DDoS attack vector leveraged in Q2 were UDP floods consisting of NTP and SSDP traffic.
  • The Financial (and Payments) sector was the second most targeted industry, making up 22 percent of attacks mitigated by Verisign, up from 18 percent in Q1 2015 and largely driven by the DD4BC attacker group.
  • The Media and Entertainment industry remains a heavily targeted industry, representing 20 percent of all Verisign mitigations in Q2.

Finally, this quarter’s feature article focuses on one of the most prolific cyber-attack stories during Q2: DD4BC, a small group of people (determined by Verisign iDefense to likely be fewer than five) that has conducted extortion operations globally against at least three dozen known targets – and countless unknown – in industries including Banking, Exchanges (Bitcoin specifically) and Gaming. “The DD4BC Threat Campaign” takes a closer look at the tactics, techniques and procedures (TTPs) deployed by the DD4BC operation and explains why company networks are vulnerable.

For more DDoS trends in Q2, access the full report here and see the below infographic. Be sure to check back in a few months when we release our Q3 2015 DDoS Trends Report.

Verisign DDoS Trends Report - Q2 2015

From Visually.