DDoS Attacks Continue to Grow in Size, Volume

Arbor Networks reports the largest ever DDoS attack at 334G bps, as well as an increase in the volume of large DDoS attacks.


Arbor Networks is reporting the largest distributed denial-of-service (DDoS) attack it has ever seen—a 334G-bps attack against an organization in India.

Overall, the volume of large DDoS attacks continues to grow, according to Arbor's Q1 2015 global DDoS report, which the company released on April 28. Arbor found that 17.7 percent of attacks were over 1G bps in the first quarter of 2015, up from 16 percent in the first quarter of 2014. In addition, Arbor reported that there were 25 attacks with more than 100G bps of attack traffic during the first quarter of 2015.

"We are not surprised at the number of attacks exceeding 100G bps, as this is continuing the trend we saw last year," Gary Sockrider, solutions architect at Arbor Networks, told eWEEK.

Arbor also reported an increase in Simple Service Discovery Protocol (SSDP) reflection attacks, with 126,000 SSDP attacks in the first quarter, up from 83,000 in the fourth quarter of 2014. The largest SSDP attack found by Arbor was a 137.88G-bps attack.

At the end of 2014, VeriSign reported that it too had seen an increase in SSDP attack volume.

As to why SSDP attacks are growing, the answer isn't all that clear. "It is difficult to be certain, but we know that SSDP infrastructure is vulnerable and the attacks are effective," Sockrider said. "It is common to see successful techniques repeated over time, just as we saw last year with NTP [Network Time Protocol]-based reflection/amplification attacks."

At the beginning of 2014, NTP-based DDoS reflection attacks were a common attack vector. Now, however, SSDP-based attacks are more common and pervasive than NTP-based attacks.

Another Arbor finding was that the majority of attacks are short-lived, with approximately 90 percent of attacks lasting less than 1 hour. The reason why so many DDoS attacks are short-lived, Sockrider believes, is a combination of effective defenses and attackers achieving their goals.

"We know that many network operators are investing in enhanced capabilities and other entities are taking advantage of cloud-based mitigation services," Sockrider said. "While there is still much to be done, these are positive signs."

Looking at the geography of DDoS attacks, Arbor found that the United States and China, both at 16 percent, were the top overall attack targets. Looking specifically at DDoS attacks of 10G bps or higher, France came in first with 18 percent of attacks, with the U.S. second at 13 percent.

Given the clear trends in recent years, it is likely that DDoS attacks will continue to proliferate, Sockrider said.

"Increased frequency of very large attacks exceeding 100G bps should be expected and will likely continue to leverage reflection amplification techniques," he said. "Additionally, we've seen a clear trend of increased application layer attacks and also combining those with volumetric floods to create a more complex multi-vector attack."

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.


Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.