VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT


VOLUME 4, ISSUE 1, 1ST QUARTER 2017

Complimentary report supplied by

CONTENTS

EXECUTIVE SUMMARY
VERISIGN-OBSERVED DDoS ATTACK TRENDS: Q1 2017
    DDoS Attacks Remain Unpredictable and Persistent
    Multi-Vector DDoS Attacks are the Norm
    Largest Volumetric Attack and Highest Intensity Flood
    Attacks Against Financial Sector Increase
FEATURE ARTICLE
    The Best of Both Worlds: Combining Technology and the Human Element to Mitigate DDoS Attacks

VERISIGN DDoS TRENDS REPORT Q1 2017

EXECUTIVE SUMMARY

This report contains the observations and insights derived from distributed denial of service (DDoS) attack mitigations enacted on behalf of, and in cooperation with, customers of Verisign DDoS Protection Services from Jan. 1, 2017 through March 31, 2017 (Q1 2017). It represents a unique view into the attack trends unfolding online, including attack statistics and behavioral trends for Q1 2017.

Verisign observed the following key trends in Q1 2017:

Number of Attacks: 23% decrease compared to Q4 2016

Peak Attack Size: Volume 121 Gigabits per second (Gbps); Speed 90 Million packets per second (Mpps)

Most Common Attacks Mitigated: 46% of attacks were User Datagram Protocol (UDP) floods; 57% of attacks employed multiple attack types

Average Peak Attack Size: 14.1 Gbps, a 26% increase compared to Q4 2016; 23% of attacks over 10 Gbps and 36% of attacks over 5 Gbps

VERISIGN-OBSERVED DDoS ATTACK TRENDS: Q1 2017

DDoS Attacks Remain Unpredictable and Persistent

Verisign saw a 23 percent decrease in the number of attacks in Q1 2017; however, the average peak attack size increased 26 percent compared to the previous quarter. Attackers also launched sustained and repeated attacks against their targets. In fact, Verisign observed that almost 50 percent of customers who experienced DDoS attacks in Q1 2017 were targeted multiple times during the quarter.

In Q1 2017, Verisign observed that DDoS attacks remain unpredictable and persistent, and vary widely in terms of volume, speed and complexity. To combat these attacks, it is becoming increasingly important to constantly monitor attacks for changes in order to optimize the mitigation strategy.

Attack Size: 59% peaked over 1 Gbps; 36% peaked over 5 Gbps

[Figure 1: Mitigation Peaks by Quarter from Q2 2015 to Q1 2017. Percent of attacks in each peak-size band (>10 Gbps, >5<10 Gbps, >1<5 Gbps, <1 Gbps) for 2015-Q2 through 2017-Q1.]

Average Attack Peak Size: 14.1 Gbps, a 26% increase in average peak attack size compared to Q4 2016

Every quarter since the first quarter of 2016 has had average attack peak sizes of over 10 Gbps. Overall, average peak attack sizes have been noticeably larger since Q1 2016.

[Figure 2: Average Attack Peak Size by Quarter from Q2 2015 to Q1 2017. Vertical axis in Gbps, quarters 2015-Q2 through 2017-Q1. Data labels (Gbps) as extracted: 19.4, 17.4, 12.8, 11.2, 14.1, 5.5, 7.0, 6.9.]

Multi-Vector DDoS Attacks are the Norm

Fifty-seven percent of DDoS attacks mitigated by Verisign in Q1 2017 employed multiple attack types. Verisign observed DDoS attacks targeting victim networks at multiple network layers and attack types changing over the course of DDoS events, thus requiring continuous monitoring to optimize the mitigation strategy.

57% of DDoS attacks in Q1 2017 utilized at least two different attack types.

[Figure 3: Number of Attack Types per DDoS Event in Q1 2017. Categories: 1 Attack Type, 2 Attack Types, 3 Attack Types, 4 Attack Types, 5+ Attack Types. Data labels as extracted: 17%, 8%, 6%, 43%, 26%.]

Types of DDoS Attacks

UDP flood attacks continue to lead in Q1 2017, making up 46 percent of total attacks in the quarter. The most common UDP floods mitigated were Domain Name System (DNS) reflection attacks, followed by Network Time Protocol (NTP) and Simple Service Discovery Protocol (SSDP) reflection attacks.

While UDP-based attacks continued to dominate the types of attacks deployed, the number of TCP-based attacks increased. TCP floods, largely consisting of TCP SYN and TCP RST floods, were the second most common attack vector, making up 33 percent of attack types in the quarter.

46% of attacks were UDP floods.

[Figure 4: Types of DDoS Attacks in Q1 2017. Categories: UDP Based, IP Fragment Attacks, TCP Based, Layer 7, Other. Data labels as extracted: 13%, 4%, 4%, 33%, 46%.]

Largest Volumetric Attack and Highest Intensity Flood

The largest volumetric and highest intensity DDoS attack observed by Verisign in Q1 2017 was a multi-vector attack that peaked over 120 Gbps and around 90 Mpps. This attack sent a flood of traffic to the targeted network in excess of 60 Gbps for more than 15 hours. The attackers were very persistent in their attempts to disrupt the victim's network by sending attack traffic on a daily basis for over two weeks.

The attack consisted primarily of TCP SYN and TCP RST floods of varying packet sizes and employed one of the signatures associated with the Mirai IoT botnet. The event also included UDP floods and IP fragments which increased the volume of the attack.

At approximately 90 Mpps, the speed of the attack was the fastest pps rate observed in Q1 2017. SYN flood attacks at such high pps rates can be disruptive and require a highly scalable cloud-based service that can quickly and effectively defend against such attacks.

Mitigations on behalf of Verisign Customers by Industry for Q1 2017 [1]

IT Services/Cloud/SaaS: 58% of mitigations; average attack size 22.5 Gbps
Financial: 28% of mitigations; average attack size 1.7 Gbps
Media and Entertainment/Content: 6% of mitigations; average attack size 0.63 Gbps
E-Commerce and Online Advertising: 4% of mitigations; average attack size 32.6 Gbps
Telecommunications and Other: 2% of mitigations; average attack size 0.51 Gbps
Public Sector: 2% of mitigations; average attack size 31.9 Gbps

Attacks Against Financial Sector Increase

The financial sector continues to be a constant target for DDoS attacks. In Q1 2017, Verisign's financial sector customers experienced the second highest number of DDoS attacks (28 percent) of any industry sector within Verisign's customer base (a large increase from only 7 percent during the prior quarter). IT Services/Cloud remained the sector with the largest number of DDoS attacks in Q1 2017.

[1] The attacks reported by industry in this document are solely a reflection of the Verisign DDoS Protection Services customer base.

[Figure 5: Peak DDoS Attack Size by Industry from Q2 2016 to Q1 2017. Vertical axis in Gbps (0 to 300). Industries: IT Services/Cloud/SaaS, Financial, Public Sector, Media & Entertainment, Telecommunications & Other, E-Commerce/Online. Series: Q2 2016, Q3 2016, Q4 2016, Q1 2017.]

FEATURE ARTICLE

THE BEST OF BOTH WORLDS: COMBINING TECHNOLOGY AND THE HUMAN ELEMENT TO MITIGATE DDoS ATTACKS

In Q1 2017, Verisign observed that 57 percent of DDoS attacks against its customer base utilized multiple attack vectors. As DDoS attacks increase in complexity and size, combating them becomes more challenging. In response, organizations need not only technology capable of meeting this growing threat, but also the right human element. Technical staff with DDoS expertise working in tandem with technology is highly beneficial in keeping networks and infrastructures available during an attack.

The Technology

Various on-premise firewalls and dedicated DDoS appliances are intended to preemptively stop malicious traffic before it reaches your network. The appliances can be configured with countermeasures or rules to block traffic to certain ports or traffic in a non-compliant format. When they are configured properly, the associated malicious traffic is blocked and dropped before it reaches the intended servers. These appliances are adept at handling simple attacks such as SYN floods and UDP floods, allowing some of the process, from detection to mitigation, to be automated. However, in order to fine-tune attack countermeasures and respond to changing attack tactics, it is important to have the right people working behind the scenes to most effectively combat a wide variety of attacks.

The Human Element

Attackers are using multiple tactics and adapting them midstream to impact their designated target. For example, Verisign observed that many Layer 7 attacks are regularly mixed in with Layer 3/Layer 4 DDoS flooding attacks. Volumetric flood attacks are easier to defend against than Layer 7 DDoS attacks, which pose a different challenge because it is difficult to distinguish legitimate human traffic from bot traffic. In such cases, a highly trained DDoS team with years of experience and expertise is needed to continuously monitor and adapt a mitigation approach to effectively differentiate bot versus human traffic.

In the event of a zero-day attack, the skills and knowledge of an experienced DDoS mitigation team can really prove their value. For example, zero-day DDoS attacks can use techniques like DNS qnames, HTTP header order, and varying packet sizes in their requests. The technical team is able to work in conjunction with any implemented technology to analyze packet size, bandwidth utilization and headers to determine if additional countermeasures are necessary. The countermeasures include generating, in near real time, attack signatures to neutralize the bad traffic and minimize downtime. In comparison, on-premise appliances may need a patch or upgrade to respond to attacks that are too complex or new.

The Best of Both Worlds

Mitigating DDoS attacks is an art. There needs to be a balance between the technology and the expertise (skillset, experience and knowledge) of a technical team. Therefore, to effectively prepare for and combat DDoS threats, many organizations are selecting DDoS solutions that strike the right balance between cutting-edge technology and a proven, experienced technical team with a track record of DDoS mitigation expertise. By combining technology with the human element, organizations are getting the best of both worlds to defend against the ever-evolving DDoS threats.

TO LEARN MORE ABOUT VERISIGN DDoS PROTECTION SERVICES, VISIT Verisign.com/DDoS.

About Verisign

Verisign, a global leader in domain names and internet security, enables internet navigation for many of the world's most recognized domain names and provides protection for websites and enterprises around the world. Verisign ensures the security, stability and resiliency of key internet infrastructure and services, including the .com and .net top-level domains and two of the internet's root servers, as well as performs the root zone maintainer function for the core of the internet's Domain Name System (DNS). Verisign's Security Services include Distributed Denial of Service Protection and Managed DNS. To learn more about what it means to be Powered by Verisign, visit Verisign.com.

*The information in this Verisign Distributed Denial of Service Trends Report (this "Report") is believed by Verisign to be accurate at the time of publishing based on currently available information. All information in this Report is solely a reflection of the observations and insights derived from the DDoS attack mitigations enacted on behalf of, and in cooperation with, the customers of Verisign DDoS Protection Services. Verisign provides this Report for your use in "AS IS" condition and at your own risk. Verisign does not make any and disclaims all representations and warranties of any kind with regard to this Report, including, but not limited to, any warranties of merchantability or fitness for a particular purpose.

Verisign.com

© 2017 VeriSign, Inc. All rights reserved. VERISIGN and other trademarks, service marks, and designs are registered or unregistered trademarks of VeriSign, Inc. and its subsidiaries in the United States and in foreign countries. All other trademarks are property of their respective owners.

Verisign Public VRSN_DDoS_CSC_TR_Q1-17_201706