DDoS attacks continue to be short in duration and frequently repeated. In parallel, high-volume and high-rate DDoS attacks were on the upswing in the first half of 2014, according to NSFOCUS.
Attacks continue to be short in duration with repeated frequency: More than 90 percent of attacks detected lasted less than 30 minutes. This ongoing trend indicates that latency-sensitive websites, such as online gaming, eCommerce and hosting services, should be prepared to implement security solutions that support rapid response.
High-rate, high-volume attacks increased: DDoS traffic volume was up overall, with a third peaking at over 500Mbps and more than five percent reaching up to 4Gbps. In addition, findings showed that over 50% of DDoS attacks were above 0.2Mpps in the first half of 2014, increasing from around 16%. Over 2% of DDoS attacks were launched at a rate of over 3.2Mpps.
Top three DDoS attack methods revealed: HTTP Flood, TCP Flood and DNS Flood were the top three attack types, together making up 84.6 percent of all attacks. DNS Flood attacks held their place as the most popular attack method, accounting for 42 percent of all attacks. While the number of DNS and HTTP Flood attacks decreased, TCP Flood attacks grew substantially.
Increase in ISPs, enterprises and online gaming targets: Attacks targeting ISPs increased by 87.2 percent, enterprises by 100.5 percent and online gaming by 60 percent.
Longest, largest and highest-frequency attacks: The longest single attack lasted nine days and 11 hours, or 228 hours, while the single largest attack in terms of packets per second (pps) hit at a volume of 23 million pps. More than 42 percent of attack victims were targeted multiple times, while one in every 40 victims was repeatedly hit more than 10 times. The highest frequency of attacks experienced by a single victim was 68 separate DDoS attacks.
Ameen Pishdadi, Founder of DDoS protection leader GigeNET, comments: “The most popular attacks we see are DNS reflection and NTP. NTP was huge at the beginning of the year and were substantially larger than normal, now that the NTP bug has been plugged and time has gone by that enough servers have been patched the volume in size and frequency has gone down significantly.”
Results of statistical analysis and key observations are based on data from actual incidents of DDoS attacks that occurred during the first half of 2014. Data was collected from a mix of global enterprises, Internet service providers, regional telecom operators, and Internet hosting companies. Comparisons are based on 1H2014 as compared to 2H2013.