Verisign Q2 2015 DDoS Trends: DDoS for Bitcoin Increasingly Targets Financial Industry

Verisign just released its Q2 2015 DDoS Trends Report, which provides a unique view into online distributed denial of service (DDoS) attack trends from mitigations enacted on behalf of, and in cooperation with, customers of Verisign DDoS Protection Services and research conducted by Verisign iDefense Security Intelligence Services.

(more…)

Is Your E-Commerce Site Ready for the Holidays?

Even though summer is just heating up, internet retailers already have visions of dollar signs dancing in their heads as they prepare for the onslaught of holiday web traffic that will soon ring in the 2015 holiday season. However, much of their focus is on marketing, and not the critical security measures they need to have in place to help keep their customers safe and satisfied as they shop online during the holidays. 

As we have seen from the numerous security breaches and cyberattacks reported during last year’s holiday season, understanding the threat landscape and putting appropriate mitigation plans in place is critical to a business’s revenue and reputation.  Just one hour of network downtime due to an outage or malicious attack can have far reaching consequences for a retailer, especially during the holidays. 

(more…)

Verisign DDoS Trends Report: Verisign Mitigates More DDoS Attacks in Q1 2015 than Any Quarter in 2014

Verisign just released our Q1 2015 DDoS Trends Report, which provides a unique view into online distributed denial of service (DDoS) attack trends from mitigations on behalf of, and in cooperation with, customers of Verisign DDoS Protection Services, and the security research of iDefense Security Intelligence Services.

Many notable observations were made: Verisign mitigated more DDoS attacks in Q1 2015 than in any other quarter in 2014, including seven percent more than Q4 2014. The public sector and financial services industries continued to experience an uptick in attacks, with each constituting 18 percent of total Q1 2015 mitigations. As noted in last quarter’s report, Verisign believes financial services firms and various international governing organizations may be targeted as part of political activism, or hacktivism. In addition, the ready availability and low cost of DDoS toolkits and DDoS botnets-for-hire is making it easier for actors to launch attacks.

(more…)

Verisign OpenHybrid™ for Corero and Amazon Web Services Now Available

Verisign outlined its vision for a revolutionary new approach to Distributed Denial of Service (DDoS) protection by announcing the availability of the Verisign OpenHybrid™ architecture, which helps organizations protect their critical assets and applications across distributed environments from DDoS attacks, using a single solution. By integrating intelligence from a customer’s existing security defenses, Verisign OpenHybrid™ provides timely detection and restoration of services in the event of an attack, while providing increased visibility of DDoS threats across multiple environments such as private datacenters and public clouds.

In an earlier blog post on the topic, I noted the increasing scale and complexity of DDoS attacks, and the strong need for organizations to enable awareness and mitigation of attacks across on-premise devices, in addition to both public and private cloud environments using standards based open protocols.

Today we are pleased to announce two important updates in our path toward enabling open DDoS protection: the availability of Verisign OpenHybrid™ for Corero SmartWall TDS and Verisign OpenHybrid™ for customers hosted in the Amazon Web Services Elastic Compute Cloud.

(more…)

Verisign Q4 2014 DDoS Trends: Public Sector Experiences Largest Increase in DDoS Attacks

Verisign just released our Q4 2014 DDoS Trends Report, which provides a unique view into online distributed denial of service (DDoS) attack trends from mitigations on behalf of, and in cooperation with, customers of Verisign DDoS Protection Services, and the security research of iDefense Security Intelligence Services. Many notable observations were made, including a rise in the average size of DDoS attacks against our customers; the most common attack vector continued to be User Datagram Protocol (UDP) amplification attacks leveraging Network Time Protocol (NTP), while Simple Service Discovery Protocol (SSDP) also continued to be exploited. Verisign also mitigated more attacks in December than any other month in 2014.

The most notable observation, however, is that public-sector customers experienced the largest increase in attacks, constituting 15 percent of total mitigations in Q4. Verisign believes the steep increase in the number of DDoS attacks levied at the public sector may be attributed to attackers’ increased use of DDoS attacks as tactics for politically motivated activism, or hacktivism, against various international governing organizations, as well as in reaction to various well-publicized events throughout the quarter, including protests in Hong Kong and Ferguson, Missouri. As outlined in iDefense’s 2015 Cyber Threats and Trends blog post, the convergence of online and physical protest movements contributed to the increased use of DDoS as a tactic against organizations, including the public sector, throughout 2014.

(more…)

Verisign OpenHybrid™: An Essential New Approach to DDoS Protection

Distributed Denial of Service (DDoS) attacks are a threat to businesses worldwide and the attacks are getting larger and more sophisticated.  The industry’s approach to protecting against DDoS attacks must change, and change fundamentally, to stay ahead of this growing threat.

For too long, the problem has been tackled piecemeal, using isolated devices or services. But protecting against DDoS attacks increasingly requires communication and coordination between many components – from networking equipment, to specialized appliances and cloud-based services.

A shift in security architecture is needed to an open platform where devices and services from different vendors can share and act on information in concert. It must be a hybrid platform, allowing on-premise routers and security appliances to detect and mitigate attacks locally, while automating alerting and switchover to cloud-based services if an attack threatens to swamp the business’ network connection.

(more…)

Q3 2014 DDoS Trends: Attacks Exceeding 10 Gbps On The Rise

Verisign just released its Q3 2014 DDoS Trends Report, which details observations and insights derived from distributed denial of service attack mitigations enacted on behalf of, and in cooperation with, customers of Verisign DDoS Protection Services from July through September of this year. Many notable observations were made, including a rise in the average number of attacks per customer, exploitation of the recently publicized SSDP vulnerability and some notable malicious code trends that will likely contribute to increased DDoS attack activity in the future.

(more…)

Verisign Mitigates 300 Gbps DDoS Attack and Other Q2 2014 DDoS Trends

It has been another busy quarter for the team that works on our DDoS Protection Services here at Verisign. As detailed in the recent release of our Q2 2014 DDoS Trends Report, from April to June of this year, we not only saw a jump in frequency and size of attacks against our customers, we witnessed the largest DDoS attack we’ve ever observed and mitigated – an attack over 300 Gbps against one of our Media and Entertainment customers.

(more…)

The Evolving Threat of Amplification DDoS Attacks

If there is one trend in the cybersecurity world over the last 12 to 18 months that cannot be ignored, it is the increasing prevalence and destructive power of amplification-based distributed denial of service (DDoS) attacks.

An amplification attack is a two-part DDoS attack that generally uses the User Datagram Protocol (UDP). An attacker first sends a large number of small requests to unsuspecting third-party servers on the internet. The attacker crafts these requests to result in large responses, but they are otherwise normal except that their source addresses are rewritten (spoofed) so they appear to have come from the victim instead of the attacker. When all the third-party servers send their large responses to the victim, the resulting amount of traffic is much more than the attacker could have generated alone. These attacks often overwhelm the resources of the victim, as attacks in the hundreds of gigabits per second (Gbps) are possible using this method.

(more…)

Introducing the Verisign Quarterly DDoS Trends Report

 Today, Verisign pleased to announce that Verisign is making its inaugural quarterly distributed denial of service (DDoS) trends report available. As the registry for .com and .net and a leading DDoS protection services provider, Verisign has a unique view into online attack trends that enables us to collect attack statistics and behavioral trends that help inform the future outlook for internet cybersecurity.

In our observations, working with customers and industry partners, we have seen DDoS attacks continue to grow in size and frequency over the last few years. Further, attackers have expanded their reach from traditionally enterprise and nation-state targets to include companies of all types and sizes. As attackers evolve their sophisticated techniques and attack vectors, companies that don’t have the major bandwidth or expertise to combat these attacks are at a major disadvantage.

(more…)