VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT


VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT
VOLUME 4, ISSUE 3, 3RD QUARTER 2017

Complimentary report supplied by

CONTENTS

EXECUTIVE SUMMARY
VERISIGN-OBSERVED DDoS ATTACK TRENDS: Q3 2017
  DDoS Attacks Decrease in Volume But Remain Unpredictable
  Multi-Vector DDoS Attacks Remain the Norm
  Largest Volumetric Attack and Highest Intensity Flood Attack
FEATURE ARTICLE
  Comprehensive Network Protection: Inbound and Outbound

EXECUTIVE SUMMARY

This report contains the observations and insights derived from distributed denial of service (DDoS) attack mitigations enacted on behalf of, and in cooperation with, customers of Verisign DDoS Protection Services during the third quarter of 2017, from July 1, 2017 through September 30, 2017 ("Q3 2017"). This report offers a unique view into the attack trends unfolding online, including attack statistics and behavioral trends during Q3 2017.*

Verisign observed the following key trends in Q3 2017:

Number of Attacks
  17% decrease compared to the second quarter of 2017, from April 1, 2017 through June 30, 2017 ("Q2 2017")

Attack Peak Size
  Volume: 2.5 Gigabits per second (Gbps)
  Speed: 2.3 Million packets per second (Mpps)

Average Attack Peak Size
  <1 Gbps
  70% decrease compared to Q2 2017
  30% of attacks over 1 Gbps

Most Common Attack Type Mitigated
  56% of attacks were User Datagram Protocol (UDP) floods
  88% of attacks employed multiple attack types
  29% of attacks employed five or more attack types

VERISIGN-OBSERVED DDoS ATTACK TRENDS: Q3 2017

DDoS Attacks Decrease in Volume But Remain Unpredictable

When comparing Q3 2017 to Q2 2017, Verisign saw a 17 percent decrease in the number of attacks, and a 70 percent decrease in the peak size of the average attack. Attackers continue to launch repeated attacks against their targets. In fact, Verisign observed that 45 percent of customers who experienced DDoS attacks in Q3 2017 were targeted multiple times during the quarter. DDoS attacks remain unpredictable and vary widely in terms of speed and complexity.

Attack Size: 30% peaked over 1 Gbps

Figure 1: Mitigation Peaks by Quarter from Q4 2015 to Q3 2017 (percent of attacks per quarter, by peak size: >10 Gbps, >5<10 Gbps, >1<5 Gbps, <1 Gbps)

Average Attack Peak Size: 0.8 Gbps, a 70% decrease in average peak attack size compared to Q2 2017

Figure 2: Average Peak Attack Size by Quarter from Q4 2015 to Q3 2017 (vertical axis: Gbps)

Multi-Vector DDoS Attacks Remain the Norm

Eighty-eight percent of DDoS attacks mitigated by Verisign in Q3 2017 employed multiple attack types. Verisign observed attacks targeting networks at multiple layers and attack types that changed over the course of a DDoS event. Today's DDoS attacks require continuous monitoring to more efficiently tailor mitigation strategies.

88% of DDoS attacks in Q3 2017 utilized at least two different attack types.

Figure 3: Number of Attack Types per DDoS Event in Q3 2017 (categories: 1 Attack Type, 2 Attack Types, 3 Attack Types, 4 Attack Types, 5+ Attack Types)

Types of DDoS Attacks

UDP flood attacks dominated in Q3 2017, accounting for 56 percent of total attacks in the quarter. The most common UDP floods included Domain Name System (DNS), Network Time Protocol (NTP), Simple Service Discovery Protocol (SSDP), Character Generator Protocol (CHARGEN) and Simple Network Management Protocol (SNMP) reflective amplification attacks.

56% of attacks were UDP floods.

Figure 4: Types of DDoS Attacks in Q3 2017 (categories: UDP Based, IP Fragment Attacks, TCP Based)

Largest Volumetric Attack and Highest Intensity Flood Attack

The largest volumetric DDoS attack observed by Verisign in Q3 2017 was a multi-vector attack that peaked at approximately 2.5 Gbps and around 1 Mpps for one hour. The attack consisted of a wide range of attack vectors, including TCP SYN and TCP RST floods; DNS, ICMP and CHARGEN amplification attacks; and invalid packets. The different attack vectors required continuous monitoring and changing of countermeasures to mitigate effectively.

The highest intensity packet flood in the quarter, consisting of TCP SYN and UDP floods mixed with invalid packets, peaked at approximately 2.3 Mpps and around 1 Gbps. That attack lasted approximately two and a half hours.

Mitigations on Behalf of Verisign Customers by Industry for Q3 2017**

IT Services/Cloud/SaaS: 45% of mitigations; average attack size 0.76 Gbps
Financial: 20% of mitigations; average attack size 0.63 Gbps
Media and Entertainment/Content: 15% of mitigations; average attack size 1.38 Gbps
Energy: 15% of mitigations; average attack size 0.52 Gbps
E-Commerce and Online Advertising: 5% of mitigations; average attack size 0.61 Gbps

Figure 5: Peak DDoS Attack Size by Industry from Q4 2016 to Q3 2017 (vertical axis: Gbps; series: IT Services/Cloud/SaaS, Financial, Public Sector, Media & Entertainment, Telecommunications & Other, E-Commerce/Online)

FEATURE ARTICLE

COMPREHENSIVE NETWORK PROTECTION: INBOUND AND OUTBOUND

Verisign DDoS Trends Reports throughout 2017 have reported a decline in the size and number of DDoS attacks. This trend does not necessarily mean, however, that DDoS attacks are going away or that companies should be complacent. Now is a good time for organizations to review all aspects of their network and application security solutions to protect themselves against DDoS attacks or future security threats. According to the 2016 Ponemon Institute Cost of a Data Breach Study, the average consolidated cost of a data breach is $4 million. [1]

Organizations usually have a strategy in place to deal with DDoS attacks hitting their network and applications, but what happens if an internal user on their own network pulls in malware via an inadvertent outbound request?

Today's One-Way View: Inbound Only

Cloud-based DDoS protection services focus on monitoring inbound internet traffic to a customer's critical IP network. The technology typically uses signature analysis, misuse detection and dynamic profiling. Signature analysis and misuse detection look for deviations that may indicate a DDoS attack. Dynamic profiling establishes normal traffic patterns and identifies deviations, which then trigger alerts for further investigation. For example, traffic levels reaching or exceeding predefined thresholds could indicate a DDoS attack. So, when a wave of volumetric or malformed traffic hits the customer's network, an alert is raised for investigation.

DDoS monitoring solutions only provide visibility into the inbound traffic. What about outbound traffic sent from your network? While variations in outbound traffic patterns can happen for many reasons, they can also indicate that compromised endpoints are participating in a botnet, exfiltrating data or being used for other malicious purposes.

How do organizations know if an internal user is participating in a botnet or communicating with a command-and-control server or other malware? How do they know if data is being exfiltrated? Monitoring outbound DNS traffic can help.

[1] 2016 Ponemon Institute Cost of a Data Breach Study, https://securityintelligence.com/media/2016-cost-data-breach-study/, retrieved Oct. 2, 2017
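One way to triage outbound DNS request logs for the signals discussed above, shown as an added example that is not part of the Verisign report: it profiles each internal client and flags a high share of NXDOMAIN answers (common when malware probes generated domain names) and long, high-entropy query labels (common when data is encoded into query names). The log format, addresses, domain names and thresholds are assumptions constructed for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed sample. Assumed log format: epoch client qname qtype rcode
SAMPLE_LOG = """\
1506816000 10.0.0.5 www.example.com A NOERROR
1506816009 10.0.0.5 wwww.example.com A NXDOMAIN
1506816001 10.0.0.9 xkqjzvbw.example A NXDOMAIN
1506816002 10.0.0.9 pqlmrtyz.example A NXDOMAIN
1506816003 10.0.0.9 hvbnqwcx.example A NXDOMAIN
1506816004 10.0.0.9 zzkrtplm.example A NXDOMAIN
1506816005 10.0.0.9 www.example.com A NOERROR
1506816010 10.0.0.12 mzxw6ytboi2dgnjsgezdgnbvgy3tqojq.t.example.net TXT NOERROR
1506816011 10.0.0.12 gezdgnbvgy3tqojqmzxw6ytboi2dgnjs.t.example.net TXT NOERROR
1506816012 10.0.0.12 qjoqt3ygvbngdzegsjngd2iobty6wxzm.t.example.net TXT NOERROR
"""

def entropy(label):
    n = len(label)  # Shannon entropy in bits per character
    return -sum(c / n * math.log2(c / n) for c in Counter(label).values())

def profile(lines):
    """Per-client counters: total queries, NXDOMAIN answers, encoded-looking names."""
    stats = defaultdict(lambda: {"queries": 0, "nxdomain": 0, "encoded": 0})
    for line in lines:
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines
        _, client, qname, _, rcode = parts
        first = qname.rstrip(".").lower().split(".")[0]
        s = stats[client]
        s["queries"] += 1
        s["nxdomain"] += rcode == "NXDOMAIN"
        # Long, high-entropy leftmost label: data may be encoded in the name
        s["encoded"] += len(first) >= 24 and entropy(first) >= 3.5
    return stats

def flag(stats, min_queries=4, max_nx_ratio=0.5, max_encoded=3):
    """Return {client: [reasons]} for clients crossing the assumed thresholds."""
    alerts = {}
    for client, s in stats.items():
        reasons = []
        if s["queries"] >= min_queries and s["nxdomain"] / s["queries"] > max_nx_ratio:
            reasons.append("high NXDOMAIN ratio")
        if s["encoded"] >= max_encoded:
            reasons.append("long high-entropy labels")
        if reasons:
            alerts[client] = reasons
    return alerts
```

Calling `flag(profile(SAMPLE_LOG.splitlines()))` flags 10.0.0.9 and 10.0.0.12 and leaves 10.0.0.5 alone; in practice the thresholds would be tuned against a baseline of the network's own resolver logs.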

How to Monitor Outbound Traffic

Gaining visibility into outbound DNS requests can be challenging. Firewall administrators tend not to look at DNS request logs because of the volume, but knowing what is sent out on your network is the first step to preventing communication with malicious endpoints. Deploying security technology such as a DNS firewall, email filtering and other security solutions, and keeping them up to date, is a good place to start.

No technology offers 100 percent network protection; organizations need to implement a layered approach to security that includes both technology and user education. As attackers grow increasingly adept at creating smarter malware to circumvent individual protections, it becomes more important to layer these and other security controls, including measures at the DNS level. For more information, read our white paper, Framework for Resilient DNS Security.

Verisign's Security Services offer cloud-based DDoS protection and DNS solutions to protect your organization's online services from today's security threats. To learn more about Verisign Security Services, visit https://www.verisign.com/en_us/security-services/index.xhtml.

TO LEARN MORE ABOUT VERISIGN DDoS PROTECTION SERVICES, VISIT Verisign.com/DDoS.

About Verisign

Verisign, a global leader in domain names and internet security, enables internet navigation for many of the world's most recognized domain names and provides protection for websites and enterprises around the world. Verisign ensures the security, stability and resiliency of key internet infrastructure and services, including the .com and .net top-level domains and two of the internet's root servers, as well as performs the root zone maintainer function for the core of the internet's Domain Name System (DNS). Verisign's Security Services include Distributed Denial of Service Protection and Managed DNS. To learn more about what it means to be Powered by Verisign, visit Verisign.com.

* The information in this Verisign Distributed Denial of Service Trends Report (this "Report") is believed by Verisign to be accurate at the time of publishing based on currently available information. Verisign provides this Report for your use in "AS IS" condition. Verisign does not make any and disclaims all representations and warranties of any kind with regard to this Report, including, but not limited to, any warranties of merchantability or fitness for a particular purpose.

** The attacks reported by industry in this report are solely a reflection of the Verisign DDoS Protection Service customer base.

Verisign.com

© 2017 VeriSign, Inc. All rights reserved. VERISIGN and other trademarks, service marks, and designs are registered or unregistered trademarks of VeriSign, Inc. and its subsidiaries in the United States and in foreign countries. All other trademarks are property of their respective owners.

Verisign Public VRSN_DDoS_TR_Q3-17_Axians_201712