The average DDoS attack size increased 52 percent to 5.53 Gbps from the first to the second quarter of 2015, according to Verisign, despite a rash of smaller attacks intended to extort Bitcoin ransoms, and often targeting the financial industry.
The Q2 2015 DDoS Trends Report shows there were 34 percent more DDoS attacks in the first half of 2015 than in the first half of 2014, with the largest portion of over one-third experienced by IT Services/Cloud/SaaS customers.
Attacks mitigated by Verisign DDoS Protection Services and research by Verisign iDefense Security Intelligence Services went into the report, which indicates general growth in DDoS threats, but also provides an interesting view into the relatively new threat of “DDoS for Bitcoin.”
The financial and payments sector was the second most heavily targeted, facing 22 percent of attacks. Many of those attacks were demands for ransom to be paid in Bitcoin, some of which culminated in DDoS attacks. Verisign determined that over a third of all attacks it had mitigate under 1 Gbps were at least partially driven by DDoS for Bitcoin attacks and targeted the financial industry.
In contrast with these smaller-scale attacks, Verisign observed one DDoS for Bitcoin attack just after Q2 which peaked at 25 Gbps.
Verisign believes the DDoS for Bitcoin attacks are mostly conducted by one small group of individuals, likely less than five people, which has attempted online extortion against at least 36 known targets, and presumably more unknown. Banking, exchanges for Bitcoin and other currencies, and gaming were the industries most commonly targeted.
The largest attack mitigated by Verisign during the quarter was a UDP flood with a mix of NTP and SSDP traffic, targeting the media and entertainment industry. That attack peaked at 82 Gbps and 22 Mpps.