Distributed Denial of Service (DDoS)

Similar documents
Distributed Denial of Service (DDoS)

Global DDoS Threat Landscape

( ) 2016 NSFOCUS

INTRODUCTION: DDOS ATTACKS GLOBAL THREAT INTELLIGENCE REPORT 2015 :: COPYRIGHT 2015 NTT INNOVATION INSTITUTE 1 LLC

Cybersecurity. Anna Chan, Marketing Director, Akamai Technologies

VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT

VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT

IoT - Next Wave of DDoS? IoT Sourced DDoS Attacks A Focus on Mirai Botnet and Best Practices in DDoS Defense

SYMANTEC ENTERPRISE SECURITY. Symantec Internet Security Threat Report September 2005 Power and Energy Industry Data Sheet

VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT

2nd SIG-NOC meeting and DDoS Mitigation Workshop Scrubbing Away DDOS Attacks. 9 th November 2015

snoc Snoc DDoS Protection Fast Secure Cost effective Introduction Snoc 3.0 Global Scrubbing Centers Web Application DNS Protection

Prolexic Attack Report Q4 2011

2015 DDoS Attack Trends and 2016 Outlook

An Introduction to DDoS attacks trends and protection Alessandro Bulletti Consulting Engineer, Arbor Networks

VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT

A custom excerpt from Frost & Sullivan s Global DDoS Mitigation Market Research Report (NDD2-72) July, 2014 NDD2-74

Arbor WISR XII The Stakes Have Changed. Julio Arruda V1.0

State of the Internet Security Q Mihnea-Costin Grigore Security Technical Project Manager

VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT

Analisi degli attacchi DDOS e delle contromisure

VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT

DDoS attack patterns across the APJ cloud market. Samuel Chen CCIE#9607 Enterprise Security Architect, Manager - APJ

Safeguard Your Internet Presence with Sophisticated DDoS Mitigation.

DDoS: STRATEGIES FOR DEALING WITH A GROWING THREAT

Practical Guide to Choosing a DDoS Mitigation Service WHITEPAPER

A Top US Bank Trusts Neustar SiteProtect for Reliable DDoS Protection Depth

Be certain. MessageLabs Intelligence: May 2006

Cloudflare Advanced DDoS Protection

DDoS Mitigation & Case Study Ministry of Finance

SmartWall Threat Defense System - NTD1100

Global DDoS Measurements. Jose Nazario, Ph.D. NSF CyberTrust Workshop

Think You re Safe from DDoS Attacks? As an AWS customer, you probably need more protection. Discover the vulnerabilities and how Neustar can help.

SOTI SUMMER [state of the internet] / security ATTACK SPOTLIGHT

DDOS-GUARD Q DDoS Attack Report

Cyber War Chronicles Stories from the Virtual Trenches

WHITE PAPER. DDoS of Things SURVIVAL GUIDE. Proven DDoS Defense in the New Era of 1 Tbps Attacks

SUPERCHARGE YOUR DDoS PROTECTION STRATEGY

Why IPS Devices and Firewalls Fail to Stop DDoS Threats

Global DDoS Threat Landscape

IBM Cloud Internet Services: Optimizing security to protect your web applications

ddos-guard.net Protecting your business DDoS-GUARD: Distributed protection against distributed attacks

A10 DDOS PROTECTION CLOUD

Imperva Incapsula Product Overview

The Application Usage and Risk Report End User Application Trends in the Enterprise - Country Specific Findings

COPYRIGHT 2018 NETSCOUT SYSTEMS, INC. 1

A GUIDE TO DDoS PROTECTION

akamai s [state of the internet] / security

WEB DDOS PROTECTION APPLICATION PROTECTION VIA DNS FORWARDING

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

Imperva Incapsula Survey: What DDoS Attacks Really Cost Businesses

Data Sheet. DPtech Anti-DDoS Series. Overview. Series

F5 Warsaw SOC. Kamil Woniak. Security Operations Manager, F5 Networks

CDNetworks DDoS Attack Trends and Outlook for February 2015 CDNetworks Security Service Team. Copyright 2015 CDNetworks

YEAR-END 201O BROADBAND AND IPTV REPORT HIGHLIGHTS: GLOBAL BROADBAND PENETRATION IS THE CRITICAL DRIVER BEHIND BROADBAND FORUM s IPv6 SOLUTIONS

Corero & GTT DDoS Trends Report Q2 Q3 2017

War Stories from the Cloud: Rise of the Machines. Matt Mosher Director Security Sales Strategy

Corrigendum 3. Tender Number: 10/ dated

Embargo date: 0600hrs (CEST) on August 17, 2015

Comprehensive DDoS Attack Protection: Cloud-based, Enterprise Grade Mitigation F5 Silverline

DDOS DETECTION AND RESPONSE TRENDS IN THE ENTERPRISE: AN IANS CUSTOM REPORT

Securing Online Businesses Against SSL-based DDoS Attacks. Whitepaper

Phishing Activity Trends Report August, 2005

DNS SECURITY BENEFITS OF OUTSOURCING YOUR DNS TO AN IP ANYCAST+ PROVIDER

Advanced Attack Response and Mitigation

Mitigating DDoS Attacks in Zero Seconds with Proactive Mitigation Controls

A Survey of Defense Mechanisms Against DDoS Flooding A

Incapsula Guide to Selecting a DDoS Solution WHITE PAPER

CISCO CATALYST 6500 SERIES CONTENT SWITCHING MODULE

Radware Attack Mitigation Solution (AMS) Protect Online Businesses and Data Centers Against Emerging Application & Network Threats - Whitepaper

Enterprise Overview. Benefits and features of Cloudflare s Enterprise plan FLARE

Intelligent and Secure Network

Security Whitepaper. DNS Resource Exhaustion

AKAMAI SOLUTION BROCHURE CLOUD SECURITY SOLUTIONS FAST RELIABLE SECURE.

Arbor Solution Brief Arbor Cloud for Enterprises

Introduction to DDoS Attacks

TOP TEN DNS ATTACKS PROTECTING YOUR ORGANIZATION AGAINST TODAY S FAST-GROWING THREATS

Large FSI DDoS Protection Reference Architecture

Preparing your network for the next wave of innovation

Insight Guide into Securing your Connectivity

Transforming Security from Defense in Depth to Comprehensive Security Assurance

HOW TO HANDLE A RANSOM- DRIVEN DDOS ATTACK

It s Flow Time! The Role and Importance of Flow Monitoring in Network Operations and Security

Global IP Network (GIN) Connects You to the World

NinthDecimal Mobile Audience Q Insights Report

Radware s Attack Mitigation Solution Protect Online Businesses and Data Centers Against Emerging Application & Network Threats - Whitepaper

I D C T E C H N O L O G Y S P O T L I G H T

ENHANCED INTERIOR GATEWAY ROUTING PROTOCOL STUB ROUTER FUNCTIONALITY

Routing Security DDoS and Route Hijacks. Merike Kaeo CEO, Double Shot Security

Hongbo Yang, Xiaobing Sun, Richard Zhao

Table of contents Contacts 18

Cloud DNS. High Performance under any traffic conditions from anywhere in the world. Reliable. Performance

Phishing Activity Trends Report August, 2006

Corero Network Security plc

Arbor White Paper. DDoS: THE STAKES HAVE CHANGED. HAVE YOU? REVEALED: 3 dangerous myths about DDoS attacks

NinthDecimal Mobile Audience Insights Report. Q Spotlight on Quick Service (QSR) & Casual Dining Restaurants

August 14th, 2018 PRESENTED BY:

IxLoad-Attack TM : Network Security Testing

Fregata. DDoS Mitigation Solution. Technical Specifications & Datasheet 1G-5G

Configuring attack detection and prevention 1

Transcription:

Global Leader in DDoS Mitigation Threat Report Distributed Denial of Service (DDoS) Threat Report Q1 2017 456 Montgomery Street, Suite 800 San Francisco, CA 94104 USA +1 415 299 8550

Contents 1. Methodology................... 3 2. Key Observations for Q1 2017............... 4 3. Quarterly Focus: Attackers Don t Go on Vacation During Holidays..... 5 3.1 Holidays Are No Longer Peaceful................... 5 3.2 A New Years Nightmare................... 5 3.3 Heavy Hits on the Day of Romance............... 5 3.4 Attack Frequency Changes............... 6 4. DDoS Activities................... 7 4.1 Types of Vectors...... 7 4.2 Quantity of Attack Vectors...... 8 4.3 Attack Duration...... 8 4.4 Attack Size Distribution...... 9 4.5 Global Attack Source Distribution...... 9 4.6 APAC Attack Source Distribution...... 10 4.7 Reflective DDoS Attacks by Autonomous System Number (ASN)...... 11 5. Conclusions................... 12 2

1. Methodology As the global leader in Distributed Denial of Service (DDoS) attack mitigation, Nexusguard observes and collects real-time data on threats facing enterprise and service-provider networks worldwide. Data is gathered via botnet scanning, Honeypots, ISPs, and traffic moving between attackers and their targets. The analysis conducted by Nexusguard and our research partner, attackscape.com (https://www.attackscape.com/), identifies vulnerabilities and measures attack trends worldwide to provide a comprehensive view of DDoS threats. Attacks and hacking activities exert a sizeable impact on cybersecurity. Because of the comprehensive, global nature of our data sets and observations, Nexusguard is able to evaluate DDoS events in a manner that is not biased by any single set of customers or industries. Many zero-day threats are first seen on our global research network. These threats, among others, are summarized in our quarterly reports. 3

2. Key Observations for Q1 2017 In Q1 2017, the number of DDoS attacks observed by Nexusguard registered a 380% year-on-year growth, suggesting that DDoS attacks occurred more frequently than the same period a year ago. It can be concluded that the impact of seasonal factors on attack frequency has become less apparent. Uncommonly fierce attacks were observed in Q1 2017 much more so than in preceding quarters. An enormous 275Gbps attack took place during Valentine s Day and a lengthy attack spanning 4,060 minutes occurred over the Chinese New Year. The percentage of days with sizeable attacks (larger than 10Gbps) grew considerably between January (48.39%) and March (64.29%). HTTP attack counts and total attack counts increased over Q4 2016 by 147.13% and 37.59% respectively. 4

3. Quarterly Focus: Attackers Don t Go on Vacation During Holidays As noted in our Q4 2016 report, 200+Gbps attacks have become commonplace. Such largescale attacks continued this quarter, but now with more frequency, longer durations, and greater complexity, especially with the increased use of HTTP GET/POST flood to target the application layer. Multi-vector attacks in the form of advanced persistent threats (APT) also became more common. During Q1, attackers didn t take a break for any holidays. 3.1 Holidays Are No Longer Peaceful Prior to 2017, attacks were not common in the year s first quarter. This year, however, the magnitude and frequency of attacks reached an unprecedented level. Two attacks with the largest size and duration ever were tracked during Q1 holidays in APAC and the West. 3.2 A New Years Nightmare In APAC, a lengthy attack January 28-31, the period of Chinese New Year, lasted 2 days, 19 hours, and 40 minutes. It was a widespread, disruptive event that left celebrants weary and exhausted upon returning to work. 3.3 Heavy Hits on the Day of Romance In the West, an attack over Valentine s Day (February 14-15) lasting 21 hours and 31 minutes spiked up to 275.77Gbps. It was an unusual event in that Valentine s Day had not been targeted previously. 5

3.4 Attack Frequency Changes Q1 2017 saw increased frequency of DDoS attacks compared with corresponding quarters in 2015 and 2016, during which attacks were less scalable and frequent. 2017 attack counts increased by 231.12% over Q1 2015 and 379.84% over Q1 2016. The turning point, when gigantic, continuous attacks began to wreak havoc, appears to be Q4 2016, reflecting a ripple effect of increased Botnet activity that occurred in the year s final quarter. Figure 1. Attack Frequency in Q1 2015 through 2017 6

4. DDoS Activities 4.1 Types of Vectors In Q1 2017, 21 attack vectors were identified in 16,641 attacks. HTTP Flood was the predominant type, contributing 24.36%. TCP Flag Invalid Attack took second place at 20.28%. TCP SYN Attack and UDP Attack were the third and fourth leading vectors with 17.17% and 13.85% respectively. HTTP Flood TCP Flag Invalid Attack TCP SYN Attack UDP Attack IP Fragmentation Attack HTTPS Flood ICMP Attack TCP RST Attack DNS Amplification Attack UDP Fragmentation Attack DNS Attack NTP Amplification Attack SSDP Amplification Attack IP Bogons TCP Fragmentation Attack SNMP Amplification Attack SIP Flood IP LAND Attack TCP Out of state Attack TCP Connection Flood 3.71% 3.20% 2.36% 1.99% 1.60% 1.23% 1.15% 0.89% 0.83% 0.23% 0.16% 0.01% 0.01% 0.01% 0.01% Figure 2. Distribution of DDoS Attack Vectors 6.96% 13.85% 17.17% 20.28% 24.36% 0.00% 5.00% 10.00% 15.00% 20.00% 25.00% 30.00% The total number of attacks in Q1 2017 jumped 37.59% over Q4 2016. HTTP attacks proliferated, showing an increase of 147.13% in the quarter. Application layer attacks encompassing HTTP Flood (86.77%) and HTTPS Flood (13.23%) soared as predicted in our Q4 2016 threat report. 93.75% of the attacks were mixed with volumetric and application aspects, whereas only 6.25% were pure application attacks. Since they call for multi-layered defense mechanisms, which are costly and, therefore, target enterprises have yet to upgrade their DDoS attack mitigation solutions to in order protect their online resources from the growing threat of multi-vector DDoS attacks. Q4 2016 Q1 2017 Percentage of Attacks Q1 2017 over Q4 2016 HTTP Attack Counts 1640 4053 147.13% Total Attack Counts 11514 15842 37.59% Table 1. Comparison of Attacks - Q4 2016 and Q1 2017 7

4.2 Quantity of Attack Vectors Multi-vector attacks played the leading role in Q1 2017. 31.08% of attacks were single vector, while the rest were multivector. Percentage 10 1.35% 6 1.35% Nunber of attack vector 5 4 3 5.41% 10.81% 20.27% 2 29.73% 1 31.08% 0 0.05 0.1 0.15 0.2 0.25 0.3 0.35 Figure 3. Distribution of Attack Vectors in Q1 2017 4.3 Attack Duration More than 48% of attacks lasted longer than 90 minutes: 22.97% were between 91 and 240 minutes, and 12.16% between 241 and 420 minutes. 4.05% of attacks exceeded 1,400 minutes. 60.00% 50.00% 51.35% 40.00% 30.00% 20.00% 10.00% 0.00% Duration(minute) 22.97% 12.16% 5.41% 4.05% 4.05% <=90 91-240 241-420 421-720 721-1200 >1440 Figure 4. Distribution of Attack Duration 8

4.4 Attack Size Distribution Of the attacks recorded in the quarter, more than 22% were sizeable (larger than 10Gbps): 20% ranging between 10Gps - 200Gps, and 2.67% larger than 200Gps. 90.00% 80.00% 77.33% 70.00% 60.00% 50.00% 40.00% 30.00% 20.00% 10.00% 0.00% 20.00% 2.67% < 10G >=10G and < 200G >=200G Range of Attack size Figure 5. Distribution of Attack Sizes 4.5 Global Attack Source Distribution The US was the leading source of attacks, being the originating point of 23.75% of attacks in Q1. China and Japan followed, with 17.83% and 15.35% respectively. Germany and France vied for a spot in the Top 5, accounting for 7.78% and 6.69%. Country United States China Japan Germany France Netherlands Russian Federation United Kingdom Canada Romania Others (Including 96 countries) Percentage 23.75% 17.83% 15.35% 7.78% 6.69% 3.90% 3.72% 2.48% 2.37% 2.16% 13.96% Table 2. Percentage of Attack Source over Worldwide 9

4.6 APAC Attack Source Distribution In APAC, China was ranked No. 1, being the source of 50.34% of attacks in the region. Japan took the second place with 43.34%. Vietnam, Singapore, South Korea and Taiwan followed Japan with 1.82%, 1.28%, 1.23% and 1.09% respectively. Country China Japan Vietnam Singapore South Korea Taiwan Hong Kong Malaysia Indonesia Philippines Others (Including 4 countries) Percentage 50.34% 43.34% 1.82% 1.28% 1.23% 1.09% 0.81% 0.04% 0.02% 0.01% 0.02% Table 3. Percentage of Attack Source among Asian Countries 10

4.7 Reflective DDoS Attacks by Autonomous System Number (ASN) AS-PNAPTOK placed first among all network ASNs with 30.58%. Second and third were PROXAD and CHINANET- BACKBONE with 11.96% and 11.17% respectively. AS Number 17675 12322 4134 9808 23650 7922 7018 16276 63949 31400 Network Name AS-PNAPTOK PROXAD CHINANET-BACKBONE CMNET-GD CHINANET-JS-AS-AP COMCAST-7922 ATT-INTERNET4 OVH LINODE-AP ACCELERATED-IT Percentage 30.58% 11.96% 11.17% 8.21% 7.72% 7.32% 5.96% 5.79% 5.66% 5.64% Table 4. ASN Rankings with Attack Size 11

5. Conclusions DDoS attacks are no longer concentrated over predictable periods. Holiday or long weekend no matter, the attackers never rest. The patterns are more erratic, the techniques more complex, and the attacks last longer and tend to target multiple vectors. During Q1 2017, application-layer attacks like HTTP GET/POST Flood predominated, overtaking volumetricbased attacks. Furthermore, over the past few years, the increasing adoption of Internet of Things (IoT) has resulted in a massive number of poorly guarded, unsecured devices. The exploitation of the resulting vulnerabilities has fueled the rapid growth of Botnets, which in turn are supplying attackers with myriad hijacked IP addresses, enabling them to launch more long-lasting, sophisticated attacks. To combat these increasingly complex DDoS attacks, which often target multiple vectors at the same time, a multi-layered mitigation platform that leverages a large, redundant scrubbing network with the support of a 24x7 security operations center (SOC) is much needed. 12

Global Leader in DDoS Mitigation About Nexusguard Founded in 2008, Nexusguard is the global leader in fighting malicious Internet attacks. Nexusguard protects clients against a multitude of threats, including distributed denial of service (DDoS) attacks, to ensure uninterrupted Internet service. Nexusguard provides comprehensive, highly customized solutions for customers of all sizes, across a range of industries, and also enables turnkey anti-ddos solutions for service providers. Nexusguard delivers on its promise to maximize peace of mind by minimizing threats and improving uptime. Visit www. for more information. 456 Montgomery Street, Suite 800 San Francisco, CA 94104 USA +1 415 299 8550 20170809-EN-A4

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback