DDoS attacks decline, but peak size rises
Continuous monitoring required as attack types change
Although, the first quarter of 2017 saw a 23 per cent decrease in the number of Distributed Denial of Service (DDoS) attacks, the average peak attack size increased 26 per cent compared to the previous quarter, a new report revealed on Wednesday.
According to VeriSign, attackers also launched sustained and repeated attacks against their targets.
VeriSign observed that almost 50 per cent of customers who experienced DDoS attacks in the first quarter of 2017 were targeted multiple times. Every quarter since the first quarter of 2016 has had average attack peak sizes of over 10 GBps, the company said in a statement.
DDoS attacks are now targeting victim networks at multiple network layers and attack types are changing over the course of DDoS events, thus requiring continuous monitoring to optimise the mitigation strategy.
VeriSign found that 57 per cent of DDoS attacks utilised at least two different attack types.
“User Datagram Protocol [UDP] flood attacks continue to lead in the first quarter of 2017, making up 46 per cent of total attacks in the quarter. The most common UDP floods mitigated were Domain Name System [DNS] reflection attacks, followed by Network Time Protocol [NTP] and Simple Service Discovery Protocol [SSDP] reflection attacks,” the company said. The number of TCP-based attacks also increased making up 33 per cent of attack types in the quarter. The largest volumetric and highest intensity DDoS attack observed in first quarter was a multi-vector attack that peaked over 120 GBps.