When comparing Q3 2017 to Q2 2017, Verisign saw a 17 percent decrease in the number of attacks, and a 70 percent decrease in the peak size of the average attack, said a study from cybersecurity firm. Attackers continue to launch repeated attacks against their targets. In fact, Verisign observed that 45 percent of customers who experienced DDoS attacks in Q3 2017 were targeted multiple times during the quarter. DDoS attacks remain unpredictable and vary widely in terms of speed and complexity.
Verisign Distribution Denial of Service Trends, observed attack trends of July – September, the third quarter of 2017. These trends include attack statistics, behavioural trends and future outlook. Compiled on the basis of observations and insights about attack frequency and size obtained from mitigations enacted on behalf of customers from Verisign DDOS Protection Services.
Eighty-eight percent of DDoS attacks mitigated by Verisign in Q3 2017 employed multiple attack types. Verisign observed attacks targeting networks at multiple layers and attack types that changed over the course of a DDoS event. Today’s DDoS attacks require continuous monitoring to more efficiently tailor mitigation strategies.
UDP flood attacks dominated in Q3 2017, accounting for 56 percent of total attacks in the quarter. The most common UDP floods included Domain Name System (DNS), Network Time Protocol (NTP), Simple Service Discovery Protocol (SSDP), Character Generator Protocol (CHARGEN) and Simple Network Management Protocol (SNMP) reflective amplification attacks.
The largest volumetric DDoS attack observed by Verisign in Q3 2017 was a multi-vector attack that peaked at approximately 2.5 Gbps and around 1 Mpps for one hour. The attack consisted of a wide range of attack vectors including TCP SYN and TCP RST floods; DNS, ICMP and Chargen Amplification attacks, and invalid packets. The different attack vectors required continuous monitoring and changing of countermeasures to effectively mitigate.
The highest intensity packet flood in the quarter, consisting of a TCP SYN and UDP floods mixed with invalid packets, peaked at approximately 2.3 Mpps and around 1 Gbps. That attack lasted approximately two and a half hours.