SecurityWeek

DDoS Attacks Over 10 Gbps Jump in Q3: Verisign

A new report from Verisign showed that the number of distributed denial-of-service (DDoS) attacks exceeding 10 Gbps grew substantially between the second and third quarters of the year.

According to the Verisign report, the number of attacks of 10 Gbps and above jumped by 38 percent from the second quarter and represented more than 20 percent of all attacks in Q3.

Attackers were persistent in launching attacks against targeted customers, averaging more than three separate attempts per target, according to the report. The most frequent target of attacks was the media and entertainment industry, which represented more than 50 percent of all mitigation activity. The largest observed attack was 90 Gbps and was experienced by an e-commerce company. 

“This attack was a pulsing User Datagram Protocol (UDP) flood employed in short bursts of 30 minutes or fewer,” Verisign noted in a blog post announcing the report. “It consisted primarily of Network Time Protocol (NTP) reflective amplification attack traffic. This activity was aimed at disrupting the critical online commerce capability of the customer and was successfully mitigated by Verisign.”

When compared to Q1, the average attack size increased in Q3 by 65 percent. Network Time Protocol (NTP) continues to make up the majority of UDP-based reflective amplification attacks, with a shift to SSDP [Simple Service Discovery Protocol] during the quarter. Last month, researchers at Akamai Technologies issued a warning about attackers leveraging SSDP to launch attacks that amplify and reflect traffic to their targets.

“Though the amplification it generates is smaller than that possible with DNS or NTP reflection attacks, SSDP attacks still have the capability to overwhelm organizations that are using traditional security appliances to protect their assets,” according to the report. “Consistent with other reflective amplification attacks, malicious actors will spoof the source IP when making an SSDP request to target a victim. For most organizations, SSDP implementations should not need to be open to the Internet. In this case, ingress queries from the Internet targeting this protocol can be blocked at the network edge to protect from this particular vector. Verisign recommends an audit of internal assets, including outbound network flows to ensure that your organization is not being unknowingly leveraged in SSDP-based DDoS attacks.”
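The audit of outbound flows that the report recommends can be sketched as follows. This is an added example, not code from Verisign or from the article. The flow-record CSV layout, the internal address ranges and the sample records are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumption: the organization's internal address space.
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]
SSDP_PORT = 1900  # SSDP runs over UDP port 1900

# Constructed sample flow records (hypothetical export format, not real data).
SAMPLE_FLOWS = """\
src_ip,src_port,dst_ip,dst_port,proto,bytes
10.1.2.30,1900,203.0.113.7,44321,udp,3120
10.1.2.30,1900,203.0.113.7,44321,udp,2980
198.51.100.9,51000,10.1.2.30,1900,udp,120
10.1.2.44,1900,10.1.2.10,50123,udp,310
10.1.5.8,53211,198.51.100.20,443,tcp,8000
198.51.100.9,51000,192.168.4.2,1900,udp,120
"""

def is_internal(addr):
    ip = ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def audit_ssdp(flow_csv):
    """Return (reflectors, exposed).

    reflectors: internal host -> bytes of UDP/1900 replies sent to external IPs
    exposed:    internal hosts that received UDP/1900 queries from external IPs
    """
    reflectors = defaultdict(int)
    exposed = set()
    for row in csv.DictReader(io.StringIO(flow_csv)):
        if row["proto"].lower() != "udp":
            continue
        src_in, dst_in = is_internal(row["src_ip"]), is_internal(row["dst_ip"])
        if src_in and not dst_in and int(row["src_port"]) == SSDP_PORT:
            reflectors[row["src_ip"]] += int(row["bytes"])
        elif dst_in and not src_in and int(row["dst_port"]) == SSDP_PORT:
            exposed.add(row["dst_ip"])
    return dict(reflectors), exposed

if __name__ == "__main__":
    reflectors, exposed = audit_ssdp(SAMPLE_FLOWS)
    for host, total in sorted(reflectors.items()):
        print(f"SSDP replies leaving the network: {host} ({total} bytes)")
    for host in sorted(exposed):
        print(f"SSDP reachable from the Internet: {host}")
```

Hosts in the first list are answering SSDP queries from outside and should be fixed or filtered first; hosts in the second list show that the edge is not yet blocking inbound UDP/1900.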
