DDoS Attacks: Numbers Down But Size Increased In Q3, Report Says

Distributed denial of service, or DDoS, attacks target a server by bombarding it with information requests, using thousands (or even millions) of computers (usually infected by a Trojan-like malware) simultaneously, thereby overloading the server which cannot handle so many requests at one time. And current trends reveal that the complexity and intensity of such attacks is on the rise.

In its latest quarterly report on DDoS attacks, network infrastructure company Verisign compiled data from its DDoS Protection Services and used insights from iDefense Security Intelligence Services to determine that the number of attacks actually went down by 13 percent in the July-September quarter, compared to the same three months in 2015. But at 12.78 Gbps, the average attack peak size was 82 percent higher than the same time last year.

The biggest attack seen by Verisign had a volume of 257 Gbps with a speed of 152 million packets per second, which was the highest intensity flood ever recorded by the company. The average peak attack size was 12.78 Gbps and 16 percent of the attacks were over 10 Gbps. About 81 percent of the attacks peaked at over 1 Gbps and 30 percent peaked at over 5 Gbps.

Verisign also reported two attacks not directly observed by it but unprecedented in size that took place during the third quarter of the year. There was an approximately 620 Gbps attack against KrebsonSecurity and a 579 Gbps attack reported by Arbor Networks, it said.

The company also reported that 41 percent of its customers were targeted by DDoS attacks multiple times during the quarter and that 41 percent of the attacks used three or more different attack types to avoid mitigation.

The simpler Transmission Control Protocol-based attacks were only 20 percent of the total attacks, while the more complicated User Datagram Protocol (UDP) flood type of attacks formed the bulk of attacks with 49 percent of the total. The highly selective and complicated Layer 7 method accounted for 6 percent of the attacks.

IT services were the worst hit, with 37 percent of attacks targeting the sector. Financial services and the public sector were at the second and third places, with 29 percent and 12 percent of the attacks respectively. The financial industry saw the biggest average attack size of 39.1 Gbps.

Servers of gaming company Blizzard were hit by a DDoS attack Monday, and a large DDoS attacks affected DNS service provider Dyn in October, disrupting access to a large number of popular websites and slowing down the internet.