Large volume DDoS attacks increased by almost 350 percent from 2013 to the first half of 2014, according to Arbor Networks’ DDoS Attack Trends Q2 2014 report. While average attack size and NTP use decreased compared to Q1, attack duration increased, and Arbor emphasizes that volume was the main theme in DDoS attacks for the first half of the year.
While the report indicates a reduction in attacks over 20Gbps from Q1 to Q2 2014, large attacks were still 40 percent more frequent in Q2 than in 2013. 20Gbps or greater attacks also grew by 8 times from 2012 to 2013. Attacks over 100Gbps also increased in the first half of 2014 to an unprecedented 111 events.
“Following on from the storm of NTP reflection attacks in Q1, volumetric DDoS attacks continued to be a problem well into the second quarter, with an unprecedented 100 attacks over 100GB/sec reported so far this year,” Arbor director of solutions architects Darren Anstee told CNET. “The frequency of very large attacks continues to be an issue, and organizations should take an integrated, multi-layered approach to protection. Even organizations with significant amounts of Internet connectivity can now see that capacity exhausted relatively easily by the attacks that are going on out there.”
The largest attack of the quarter was a relatively modest 154Gbps NTP reflection attack against a target in Spain.
Attacks targeting DNS increased greatly in the quarter, but Non Initial Fragment attacks were still the most common. Over 90 percent of attacks were under an hour in duration, however the average duration grew by 20 percent to 72 minutes.
The consistent increases in both the number and size of attacks have led to a number of cybersecurity industry moves, including F5 Networks’ acquisition of Defense.net in May. The WHIR hosted a webinar with Arbor Networks on protecting clouds from DDoS attacks in April. Companies are even turning to hackers – albeit ethical ones — to help with the growing problem.