Corero: Industry Observations of DDoS Trends
Observing and analyzing DDoS attacks over a period of time helps us all understand trends so that we can better prepare for the future. Verisign has recently published its DDoS Trends Report for the last half of 2014, and there are some interesting observations.
For one thing, attacks are growing larger in size. In the attacks observed by Verisign in the latter half-year span of 2014, 65% were greater than 1 Gbps in size. Some of the largest attacks reached approximately 300 Gbps, but fortunately those were exceptional cases.
Verisign did say it mitigated multiple attacks in the 200+ Gbps range. In all, the average attack size was 12.42 Gbps, which still represents a 291% increase since a year ago. And while the attacks may have been large in size, they were, mercifully, not terribly long in duration.
A common perception is that financial services companies, including banks, are the primary target of DDoS attacks. Perhaps this perception stems from the highly publicized attacks on American banks back in 2012 and 2013.
In reality, for the second half of 2014, the vertical sector most often attacked was Media & Entertainment/Content at 43%, followed closely by IT Services/Cloud/SaaS at 41%. The Financial Services sector caught a break for that half of the year, with only 5% of the DDoS attacks hitting that industry.
The attacks are showing increasing complexity, sometimes quickly and unpredictably changing vectors over the course of the mitigation. For example, Verisign saw sophisticated TCP and UDP floods that targeted specific custom application ports and continuously switched vectors. Attacks are growing more sophisticated in their ability to evade common mitigation approaches.
It’s clear that DDoS attacks have reached a point where specialized mitigation techniques are necessary. It’s noted that some companies simply try to over-provision bandwidth and other resources in order to absorb attacks, but that approach is not only needlessly expensive, it’s hardly feasible anymore as attacks grow in size and complexity. It’s simply an arms race that the defending company is doomed to lose without the right mitigation weapons.
You can read the original article here.