IT services and cloud providers had a tough first quarter as far as dealing with distributed denial-of-service (DDoS) attacks.
According to research from VeriSign, in the first quarter of 2015 the company observed that those customers experienced the largest volume of DDoS attacks, accounting for more than a third of all attacks and peaking in size at just over 54 Gbps.
“The largest volumetric attack mitigated by Verisign in Q1 was primarily a UDP-reflection attack leveraging the Network Time Protocol (NTP) and Simple Service Discovery Protocol (SSDP) in combination with a lower volume of SYN flood traffic, which peaked at 54 Gbps/18 Mpps,” according to the report. “This attack targeted an IT Services/Cloud/SaaS customer and persisted for approximately four hours.”
The news wasn’t much better for the government and financial services sectors, where the frequency of attacks each grew from 15 percent in Q4 2014 to represent 18 percent of all Verisign mitigations in Q1 2015.
“The public sector and financial services industries continued to experience an uptick in attacks, with each constituting 18 percent of total Q1 2015 mitigations,” said Ramakant Pandrangi, vice president of technology at Verisign. “As noted in last quarter’s report, Verisign believes financial services firms and various international governing organizations may be targeted as part of political activism, or hacktivism. In addition, the ready availability and low cost of DDoS toolkits and DDoS botnets-for-hire is making it easier for actors to launch attacks.”
More than half of all the attacks peaked at more than one gigabit per second (Gbps), with 34 percent peaking between one and five Gbps. Nearly 10 percent of attacks reached more than 10 Gbps. In the case of volumetric DDoS attacks, sizes peaked at 54 Gbps/18 million packets per second (Mpps) for User Datagram Protocol (UDP) floods and 8 Gbps/22 Mpps for Transmission Control Protocol-based attacks.
Overall, VeriSign mitigated more DDoS attacks during the first quarter of 2015 than in any quarter of 2014, and the number of attacks increased seven percent over Q4 of last year.
Akamai Technologies recently reported an increase in the number of DDoS attacks it dealt as well, with the total number of attacks in Q1 jumping 35 percent compared to the final quarter of 2014. According to Akamai, attackers often used the Simple Service Discovery Protocol (SSDP), which accounted for more than 20 percent of the attack vectors used during the first three months of the year. The company also reported a 22.22 percent increase in application layer (Layer 7) DDoS attacks compared to the fourth quarter of last year.
The VeriSign report can be read here.