Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Cloud Providers Hit Hard by DDoS Attacks in Q1: VeriSign

IT services and cloud providers had a tough first quarter as far as dealing with distributed denial-of-service (DDoS) attacks.

IT services and cloud providers had a tough first quarter as far as dealing with distributed denial-of-service (DDoS) attacks.

According to research from VeriSign, in the first quarter of 2015 the company observed that those customers experienced the largest volume of DDoS attacks, accounting for more than a third of all attacks and peaking in size at just over 54 Gbps.

“The largest volumetric attack mitigated by Verisign in Q1 was primarily a UDP-reflection attack leveraging the Network Time Protocol (NTP) and Simple Service Discovery Protocol (SSDP) in combination with a lower volume of SYN flood traffic, which peaked at 54 Gbps/18 Mpps,” according to the report. “This attack targeted an IT Services/Cloud/SaaS customer and persisted for approximately four hours.”

The news wasn’t much better for the government and financial services sectors, where the frequency of attacks each grew from 15 percent in Q4 2014 to represent 18 percent of all Verisign mitigations in Q1 2015.

“The public sector and financial services industries continued to experience an uptick in attacks, with each constituting 18 percent of total Q1 2015 mitigations,” said Ramakant Pandrangi, vice president of technology at Verisign. “As noted in last quarter’s report, Verisign believes financial services firms and various international governing organizations may be targeted as part of political activism, or hacktivism. In addition, the ready availability and low cost of DDoS toolkits and DDoS botnets-for-hire is making it easier for actors to launch attacks.”

More than half of all the attacks peaked at more than one gigabit per second (Gbps), with 34 percent peaking between one and five Gbps. Nearly 10 percent of attacks reached more than 10 Gbps. In the case of volumetric DDoS attacks, sizes peaked at 54 Gbps/18 million packets per second (Mpps) for User Datagram Protocol (UDP) floods and 8 Gbps/22 Mpps for Transmission Control Protocol-based attacks.

Overall, VeriSign mitigated more DDoS attacks during the first quarter of 2015 than in any quarter of 2014, and the number of attacks increased seven percent over Q4 of last year.

Akamai Technologies recently reported an increase in the number of DDoS attacks it dealt as well, with the total number of attacks in Q1 jumping 35 percent compared to the final quarter of 2014. According to Akamai, attackers often used the Simple Service Discovery Protocol (SSDP), which accounted for more than 20 percent of the attack vectors used during the first three months of the year. The company also reported a 22.22 percent increase in application layer (Layer 7) DDoS attacks compared to the fourth quarter of last year.

Advertisement. Scroll to continue reading.

The VeriSign report can be read here.

Written By

Marketing professional with a background in journalism and a focus on IT security.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.