Massive DDoS attacks reach record levels
8 June 2016 | 0
There were 19 distributed denial-of-service (DDoS) attacks that exceeded 100Gb/s during the first three months of the year, almost four times more than in the previous quarter.
“In the past, very few attacks generated with booter/stresser tools exceeded the 100Gb/s mark,” researchers from Akamai said in the company’s State of the Internet security report for the first quarter of 2016.
By comparison, only five DDoS attacks over 100Gbps were recorded during the fourth quarter of 2015 and eight in the third quarter. Nineteen such attacks in a single quarter is a new high, with the previous record, 17, set in the third quarter of 2014. But high bandwidth is not the only aspect of DDoS attacks that can cause problems for defenders. Even lower-bandwidth attacks can be dangerous if they have a high packet rate.
A large number of packets per second poses a threat to routers because they dedicate RAM to process every single packet, regardless of its size. If a router serves multiple clients in addition to the target and exhausts its resources, that can cause collateral damage.
According to Akamai, in the first quarter there were six DDoS attacks that exceeded 30 million packets per second (Mp/s), and two attacks that peaked at over 50Mp/s.
DDoS reflection and amplification techniques continue to be used extensively. These involve abusing misconfigured servers on the Internet that respond to spoofed requests over various User Datagram Protocol (UDP)-based protocols.
Around one-in-four of all DDoS attacks seen during the first three months of 2016 contained UDP fragments. This fragmentation can indicate the use of DDoS amplification techniques, which results in large payloads.
The four next most common DDoS attack vectors were all protocols that are abused for DDoS reflection: DNS (18%), NTP (12%), CHARGEN (11%), and SSDP (7%).
Another worrying trend is that an increasing number of attacks now use two or more vectors at the same time. Almost 60% of all DDoS attacks observed during the first quarter were multi-vector attacks: 42% used two vectors and 17% used three or more.
“The continued rise of multi-vector attacks suggests that attackers or their attack tools are growing more sophisticated,” the Akamai researchers said in their report. “This causes problems for security practitioners, since each attack vector requires unique mitigation controls.”
China, the US and Turkey were the top three countries from where DDoS attack traffic originated, but this indicates where the largest number of compromised computers and misconfigured servers are located, not where the attackers are based.
The most-hit industry was gaming, accounting for 55% of all attacks. It was followed by software and technology (25%), media and entertainment (5%), financial services (4%), and Internet and telecommunications (4%).
Being hit by one is not the only way DDoS attacks can affect businesses: They can also be blackmailed with the threat of one, an increasing trend over the past year.
In some cases, attackers do not even have to deliver on their threats. Researchers from CloudFlare reported recently that an extortion group earned $100,000 (€87,912) without ever launching a single DDoS attack.
IDG News Service