DDoS attacks continue to fall in size and frequency
Vietnam, India and Indonesia will be the newest up-and-coming countries of origin for DDoS attacks in 2015, according to Black Lotus.
While these countries don't have the necessary bandwidth to launch massive DDoS attacks, the volume of compromised endpoint devices, such as mobile phones, makes them prime sources of new botnets. China topped the list of leading sources of DDoS attacks in Q3 2014, followed by the United States and Russia.
The Black Lotus mitigation team expects attackers will continue to resort to non-amplification attacks when there are not enough vulnerable systems available to exploit for reflection methods, and they anticipate a rise in mobile DDoS attacks as emerging countries increase smartphone subscriber usage.
IT managers and security teams will need to adjust their strategies to thwart outages caused by targeted, multi-vector attacks rather than volumetric methods, while preparing for growing packet volume that may saturate their existing DDoS safeguards.
The largest bit volume DDoS attack observed during the report period was 15.2 Gbps on September 3, a marked decline in volume since the beginning of 2014, due to NTP and other types of amplification attacks becoming more difficult to execute without sufficient NTP vulnerabilities.
Organizations should be wary of attackers who, rather than using volumetric attacks to overwhelm servers, target crucial ports to keep legitimate traffic from reaching online destinations.
Of the 201,721 attacks observed during Q3 2014, 73 percent were regarded as severe, nearly half of which were SYN flood attacks, and 15 percent targeted Web servers (HTTP) and domain name services (DNS).
The average attack during the period reported was 3.2 Gbps, a sustained increase in bit volume, and 1.0 million packets per second (Mpps), a continued decrease in packet volume since last quarter. This indicated a change of attack methods from large volumetric network-based attacks to complex attacks using multiple vectors, with application layer attacks and SYN flood attacks blended together. Security practitioners will therefore need to leverage intelligent DDoS mitigation rather than budgeting extra network bandwidth.
“DDoS attacks continue to fall in size and frequency in 2014, making them easier to handle for tier one carrier networks with excess capacity, but still tricky to manage for organizations with less bandwidth,” said Shawn Marck, CSO of Black Lotus. “The widespread education of ways to thwart NTP caused attackers to resort to tried and true blends of SYN flood and application layer attacks, which are very difficult to mitigate using conventional network hardware as these types target the same port needed to serve legitimate users.”