The unstoppable rise of DDoS attacks

For the past three quarters, there has been a doubling in the number of DDoS attacks year over year, according to Akamai. And while attackers favored less powerful but longer duration attacks this quarter, the number of dangerous mega attacks continues to increase.


In Q2 2015, there were 12 attacks peaking at more than 100 gigabits per second (Gbps) and five attacks peaking at more than 50 million packets per second (Mpps). Very few organizations have the capacity to withstand such attacks on their own.

The largest DDoS attack of Q2 2015 measured more than 240 Gbps and persisted for more than 13 hours. Peak bandwidth is typically constrained to a one- to two-hour window. Q2 2015 also saw one of the highest packet rate attacks ever recorded across the Prolexic Routed network, which peaked at 214 Mpps. That attack volume is capable of taking out tier 1 routers, such as those used by ISPs.

DDoS attack activity set a new record in Q2 2015, increasing 132% compared to Q2 2014 and increasing 7% compared to Q1 2015. Average peak attack bandwidth and volume increased slightly in Q2 2015 compared to Q1 2015, but remained significantly lower than the peak averages observed in Q2 2014.

SYN and Simple Service Discovery Protocol (SSDP) were the most common DDoS attack vectors this quarter – each accounting for approximately 16% of DDoS attack traffic. The proliferation of unsecured home-based, Internet-connected devices using the Universal Plug and Play (UPnP) Protocol continues to make them attractive for use as SSDP reflectors. Practically unseen a year ago, SSDP attacks have been one of the top attack vectors for the past three quarters. SYN floods have continued to be one of the most common vectors in all volumetric attacks, dating back to the first edition of the security reports in Q3 2011.


Online gaming has remained the most targeted industry since Q2 2014, consistently being targeted in about 35 percent of DDoS attacks. China has remained the top source of non-spoofed attack traffic for the past two quarters, and has been among the top three source countries since the very first report was issued in Q3 2011.

Compared to Q2 2014:

  • 132.43% increase in total DDoS attacks
  • 122.22% increase in application layer (Layer 7) DDoS attacks
  • 133.66% increase in infrastructure layer (Layer 3 & 4) attacks
  • 18.99% increase in the average attack duration: 20.64 vs. 17.35 hours
  • 11.47% decrease in average peak bandwidth
  • 77.26% decrease in average peak volume
  • 100% increase in attacks > 100 Gbps: 12 vs. 6

Compared to Q1 2015:

  • 7.13% increase in total DDoS attacks
  • 17.65% increase in application layer (Layer 7) DDoS attacks
  • 6.04% increase in infrastructure layer (Layer 3 & 4) attacks
  • 16.85% decrease in the average attack duration: 20.64 vs. 24.82 hours
  • 15.46% increase in average peak bandwidth
  • 23.98% increase in average peak volume
  • 50% increase in attacks > 100 Gbps: 12 vs. 8
  • As in Q1 2015, China is the quarter’s top country producing DDoS attacks.