Today’s DDoS attacks require continuous monitoring to optimize mitigation strategies.
Verisign observed a 53% increase in the number of attacks in Q1 2018 compared to Q4 2017 and a 47% increase in the average of attack peak sizes. From Q1 2017 to Q1 2018, Verisign observed a Y-o-Y decrease of 21% in the average of attack peak sizes. Verisign additionally observed that 67% of customers who experienced DDoS attacks in Q1 2018 were targeted multiple times during the quarter. Overall, DDoS attacks remain unpredictable and vary widely in terms of speed and complexity.
Multi-Vector DDoS Attacks Remain Constant
58% of DDoS attacks mitigated by Verisign in Q1 2018 employed multiple attack types. Verisign observed attacks targeting networks at multiple layers and attack types that changed over the course of a DDoS event. Today’s DDoS attacks require continuous monitoring to optimize mitigation strategies.
Types of DDoS Attacks
Continuing the trend, UDP flood attacks were the most common attack vector accounting for 50% of total attacks in the quarter. The most common UDP floods included Domain Name System (DNS), Network Time Protocol (NTP), Lightweight Directory Access Protocol (LDAP), Simple Network Management Protocol (SNMP) and Memcached reflective amplification attacks.
Largest Volumetric Attack and Highest Intensity Flood Attack
The largest volumetric and highest intensity DDoS attack observed by Verisign in Q1 2018 was a multi-vector attack that peaked at approximately 70 Gbps and over 7 Mpps. This attack sent a flood of traffic to the targeted network for about an hour. The attack consisted of a wide range of attack vectors including TCP SYN and TCP RST floods, DNS amplification attacks, Internet Control Message Protocol (ICMP) floods and invalid packets.