Peak DDoS Attack Volume Declines to 600G bps in 2017, Arbor Reports

Distributed denial-of-service (DDoS) attacks are measured in different ways, with volumetric attacks often being the most impactful. In 2017, the peak volumetric DDoS attack came in at 600G bps, compared with 800G bps in 2016, according to the NetScout Arbor 13th annual Worldwide Infrastructure Security Report (WISR). The 93-page report, which was released on Jan. 23, provides insight from Arbor Networks as well as responses from a survey of 390 network operators from around the world. While the peak DDoS attack size was down in 2017, Arbor Networks’ Active Threat Level Analysis System (ATLAS) observed an increase in the total number of DDoS attacks, reporting 7.5 million DDoS attacks in 2017, up from 6.8 million in 2016. In this slide show, eWEEK looks at some of the highlights from the Arbor Networks’ 13th annual Worldwide Infrastructure Security Report.

The peak DDoS attack size in 2017 came in at 600G bps, a decline from 800G bps in 2016.

Arbor Networks’ Active Threat Level Analysis System (ATLAS) observed 7.5 million DDoS attacks in 2017, up from 6.8 million in 2016.

Across enterprise, government and education (EGE), Arbor found that 60 percent of respondents reported being the victim of between one and 10 DDoS attacks.

For data centers, Arbor found that the cost of dealing with a DDoS attack varied, with 39 percent of respondents reporting costs of between $10,000 and $25,000.

For service providers, volumetric attacks are the most common type of DDoS incident, representing 75.7 percent of attacks.

When attackers go after the application layer at service providers, DNS is the most common service targeted.

While attackers are going after DNS at the application layer, they are also abusing DNS servers to help amplify DDoS attacks. DNS is the top type of reflection/amplification attack, according to Arbor, followed by NTP (Network Time Protocol).