Arbor Network Releases Global Data to Show Increase in Size and Speed of DDoS Attack in Second Quarter

By CIOReview | Thursday, October 8, 2015

FREMONT, CA: Arbor Networks, a provider of Distributed Denial of Service (DDoS) and advanced threat protection solutions for enterprise and service provider networks, unveils Global DDoS attack data for the second quarter (Q2) to show strong growth in the average size of DDoS attacks from both a bits-per-second and packets-per-second perspective.

The released data is gathered through ATLAS, a collaborative partnership of Arbor Networks with more than 330 service provider customers who share anonymous traffic data in order to deliver a comprehensive, aggregated view of global traffic and threats. It collected 120TB/sec of Internet traffic. ATLAS is the source of data for the Digital Attack Map, a visualization of global DDoS attacks created in collaboration with Google Ideas.

The data provided by ATLAS reveals that a majority of very large volumetric attacks leverage a reflection amplification technique using Network Time Protocol (NTP), Simple Service Discovery Protocol (SSDP) and Domain Name System (DNS) servers, detecting large numbers of significant attacks all around the world. Using Reflection amplification technique, an attacker can magnify both the amount of traffic generated and bewilder the original sources of that attack traffic.

The global Q2 data reveals that the increase in use of reflection amplification technique for launching DDoS attacks lies on two unfortunate factors which include: improper implementation of filters by providers at the edge of their network to block traffic with a spoofed source IP address; and plenty of poorly configured and protected devices on the Internet enabling UDP services to offer an amplification factor between a query sent to them and the response which is generated.

Arbor Networks considered a 196GB/sec User Datagram Protocol (UDP) flood found in Q2 as the largest attack. Of all the attacks analyzed, range 1GB/sec topped with 21 percent while the most growth was seen in the 2-10GB/sec range. A significant rise in the number of attacks in the 50-100Gbps range in June was also found that mainly comprised SYN floods targeting destinations in the US and Canada. The Q2 data shows that 50 percent of reflection attacks targeted UDP port 80 (HTTP/U).The average duration of a reflection attack in Q2 is 20 minutes.

“Extremely large attacks grab the headlines, but it is the increasing size of the average DDoS attack that is causing headaches for enterprise around the world. Companies need to clearly define their business risk when it comes to DDoS. With average attacks capable of congesting the Internet connectivity of many businesses, it is essential that the risks and costs of an attack are understood, and appropriate plans, services and solutions put in place,” says Darren Anstee, Chief Security Technologist, Arbor Networks.