Average DDoS Attack Size Surged in Q1 2017

Verisign recently released its DDoS Trends Report for Q1 2017, which found that 59 percent of distributed denial of service attacks during the quarter peaked over 1 Gbps, and 23 percent peaked over 10 Gbps.

The average peak attack size was 14.1 Gbps, a 26 percent increase over the previous quarter — and almost half of those who experienced DDoS attacks during the quarter were targeted multiple times.

Still, the total number of attacks decreased by 23 percent from Q4 2016.

The largest attack observed by Verisign in Q1 2017 exceeded 60 Gbps for more than 15 hours, and peaked over 120 Gbps. “The attackers were very persistent in their attempts to disrupt the victim’s network by sending attack traffic on a daily basis for over two weeks,” the report states.

Fifty-eight percent of DDoS attacks targeted the IT services/cloud/SaaS industry, 28 percent targeted financial services, and 6 percent targeted media and entertainment.

Unpredictable and Persistent

“In Q1 2017, Verisign observed that DDoS attacks remain unpredictable and persistent, and vary widely in terms of volume, speed and complexity,” the report states. “To combat these attacks, it is becoming increasingly important to constantly monitor attacks for changes in order to optimize the mitigation strategy.”

Separately, Imperva’s Global DDoS Threat Landscape Report for Q1 2017 states that 74 percent of DDoS attack victims suffered repeated assaults during the quarter. Nineteen percent were attacked 10 times or more, up from 13.1 percent in the previous quarter.

“In the most extreme case, an established U.S.-based science news website was hit 1,046 times by low-volume bursts lasting 10 minutes or less,” Igal Zeifman, Incapsula security evangelist at Imperva, told eSecurity Planet by email. “This attack, and many other repeat assaults, fit the pattern of online harassment.”

“These attacks are a sign of the times — launching a DDoS assault has become as simple as downloading an attack script or paying a few dollars for a DDoS-for-hire service,” Zeifman added. “Using these, non-professionals can take a website offline over a personal grievance or just as an act of cyber vandalism in what is essentially a form of Internet trolling.”

Shorter Average Duration

Imperva suggests that the increasing prevalence of such services, which enable customers to launch short, low-volume bursts, has led to a decrease in average attack duration — 90 percent of network attacks during the quarter lasted less than 30 minutes.

The U.S. was the most targeted country during the quarter, accounting for 92.7 percent of all DDoS attacks, and the majority of attacks came from China (50.8 percent), South Korea (10.8 percent) and the United States (7.2 percent).

According to Neustar’s Worldwide DDoS Attacks and Cyber Insights Research Report for May 2017, the average cost of a DDoS attack now exceeds $2.5 million in lost revenue.

“The question organizations must ask now is how they are prepared to manage these highly disruptive events,” Neustar head of research and development Barrett Lyon said in a statement. “Are they prepared for the bad day where they customers call and ask why the website is down?”

Jeff Goldman
Jeff Goldman has been a technology journalist for more than 20 years and an eSecurity Planet contributor since 2009.

Top Products

Top Cybersecurity Companies

Related articles