[July 21, 2015] |
|
Arbor Networks' ATLAS Data Shows the Average DDoS Attack Size Increasing
Arbor
Networks Inc., a leading provider of DDoS and advanced threat
protection solutions for enterprise and service provider networks, today
released Q2
2015 global DDoS attack data that show strong growth in the average
size of distributed denial-of-service (DDoS) attacks, from both a
bits-per-second and packets-per-second perspective.
This Smart News Release features multimedia. View the full release here:
http://www.businesswire.com/news/home/20150721006082/en/
The largest attack monitored in Q2 was a 196GB/sec UDP flood, a large,
but no longer uncommon attack size. Of most concern to enterprise
networks is the growth in the average attack size. In Q2, 21 percent of
all attacks topped 1GB/sec, while the most growth was seen in the
2-10GB/sec range. However, there was also a significant spike in the
number of attacks in the 50-100GB/sec range in June, mainly SYN Floods
targeting destinations in the US and Canada.
"Extremely large attacks grab the headlines, but it is the increasing
size of the average DDoS attack that is causing headaches for enterprise
around the world," said Arbor Networks (News - Alert) Chief Security Technologist
Darren Anstee. "Companies need to clearly define their business risk
when it comes to DDoS. With average attacks capable of congesting the
Internet connectivity of many businesses, it is essential that the risks
and costs of an attack are understood, and appropriate plans, services
and solutions put in place. "
Active Threat Level Analysis System (ATLAS®) Arbor's
data is gathered through ATLAS,
a collaborative partership with more than 330 service provider
customers who share anonymous traffic data with Arbor in order to
deliver a comprehensive, aggregated view of global traffic and threats.
ATLAS collects 120TB/sec of Internet traffic and is the source of data
for the Digital
Attack Map, a visualization of global DDoS attacks created in
collaboration with Google (News - Alert) Ideas.
Reflection Amplification Attacks Reflection amplification is
a technique that allows an attacker to both magnify the amount of
traffic they can generate, and obfuscate the original sources of that
attack traffic. This technique relies on two unfortunate realities:
firstly, many service providers still do not implement filters at the
edge of their network to block traffic with a 'forged' (spoofed) source
IP address; secondly, there are plenty of poorly configured and poorly
protected devices on the Internet providing UDP services that offer an
amplification factor between a query sent to them and the response which
is generated. The majority of very large volumetric attacks leverage a
reflection amplification technique using the Network Time Protocol (NTP),
Simple Service Discovery Protocol (SSDP) and DNS servers, with large
numbers of significant attacks being detected all around the world.
-
There is some evidence that the storm of reflection amplification
attacks utilizing SSDP might be abating slightly, with 84,000 tracked
in Q2 (similar to the Q4 level) down from 126,000 in Q1 2015.
-
The average attack sizes for DNS, NTP, SSDP and Chargen reflection
amplification attacks all increased in Q2 2015.
-
50 percent of reflection attacks in Q2 targeted UDP port 80 (HTTP/U).
-
Average duration of a reflection attack was 20 mins in Q2 (19 mins in
Q1).
About Arbor Networks Arbor Networks, the cyber security
division of NetScout (News - Alert), helps secure the world's largest enterprise and
service provider networks from DDoS attacks and advanced threats. Arbor
is the world's leading provider of DDoS protection in the enterprise,
carrier and mobile market segments, according to Infonetics (News - Alert) Research.
Arbor's advanced threat solutions deliver complete network visibility
through a combination of packet capture and NetFlow technology, enabling
the rapid detection and mitigation of malware and malicious insiders.
Arbor also delivers market-leading analytics for dynamic incident
response, historical analysis, visualization and forensics. Arbor
strives to be a "force multiplier," making network and security teams
the experts. Our goal is to provide a richer picture into networks and
more security context - so customers can solve problems faster and
reduce the risk to their business.
To learn more about Arbor products and services, please visit our
website at arbornetworks.com
or follow us on Twitter (News - Alert) @arbornetworks.
Arbor's research, analysis and insight, together with data from the
ATLAS global threat intelligence system, can be found at the ATLAS
Threat Portal.
Trademark Notice: Arbor Networks, NetScout, the Arbor Networks logo,
Peakflow, ArbOS, Pravail, Cloud Signaling, Arbor Cloud, ATLAS, We see
things others can't.TM and Arbor Networks.
Smart. Available. Secure. are all trademarks of Arbor Networks, Inc. All
other brands may be the trademarks of their respective owners.
View source version on businesswire.com: http://www.businesswire.com/news/home/20150721006082/en/
[ Back To TMCnet.com's Homepage ]
|