Verisign Distributed Denial of Service Trends observed attack trends of January – March, Q1 2018. This report provides a unique view into the attack trends that include attack statistics, behavioral trends and future outlook. Compiled on the basis of observations and insights about attack frequency and size obtained from mitigations enacted on behalf of customers from Verisign DDOS Protection Services.
Verisign’s Observation Found These Key Trends in Q1 2018:
- Number of attacks – 53% increase when compared to Q4 2017 (October 1, 2017 – December 31, 2017)
- Peak attack size – (Volume) 70 Gigabits per second (Gbps), (Speed) 7.4 Million packets per second (Mpps)
- Average peak attack size – 11.2 Gbps which is 47% increase compared to Q4 2017, but a 21% Y-o-Y decrease compared to Q4 2017, 39% of attacks over 5 Gbps
- Most common attack mitigated – 50% of attacks were User Datagram Protocol (UDP) floods; 58% of attacks employed multiple attack types with 32% of attacks employing four or more attack types
DDoS Attacks Vary in Speed and Complexity
Verisign observed a 53% increase in the number of attacks in Q1 2018 compared to Q4 2017 and a 47% increase in the average of attack peak sizes. From Q1 2017 to Q1 2018, Verisign observed a Y-o-Y decrease of 21% in the average of attack peak sizes. Verisign additionally observed that 67% of customers who experienced DDoS attacks in Q1 2018 were targeted multiple times during the quarter. Overall, DDoS attacks remain unpredictable and vary widely in terms of speed and complexity.
Multi-Vector DDoS Attacks Remain Constant
58% of DDoS attacks mitigated by Verisign in Q1 2018 employed multiple attack types. Verisign observed attacks targeting networks at multiple layers and attack types that changed over the course of a DDoS event. Today’s DDoS attacks require continuous monitoring to optimize mitigation strategies.
Types of DDoS Attacks
Continuing the trend, UDP flood attacks were the most common attack vector accounting for 50% of total attacks in the quarter. The most common UDP floods included Domain Name System (DNS), Network Time Protocol (NTP), Lightweight Directory Access Protocol (LDAP), Simple Network Management Protocol (SNMP) and Memcached reflective amplification attacks.
Largest Volumetric Attack and Highest Intensity Flood Attack
The largest volumetric and highest intensity DDoS attack observed by Verisign in Q1 2018 was a multi-vector attack that peaked at approximately 70 Gbps and over 7 Mpps. This attack sent a flood of traffic to the targeted network for about an hour. The attack consisted of a wide range of attack vectors including TCP SYN and TCP RST floods, DNS amplification attacks, Internet Control Message Protocol (ICMP) floods and invalid packets.