Connect with us

Hi, what are you looking for?



DDoS Attacks Over 10 Gbps Jump in Q3: Verisign

A new report from Verisign on distributed denial-of-service attacks showed that the number of distributed denial-of-service [DDoS] attacks exceeding 10 Gbps grew substantially between the second and third quarters of the year.

A new report from Verisign on distributed denial-of-service attacks showed that the number of distributed denial-of-service [DDoS] attacks exceeding 10 Gbps grew substantially between the second and third quarters of the year.

According to the Verisign report, the number of attacks 10 Gbps and above jumped by 38 percent from the second quarter, and represented more than 20 percent of all attacks in Q3.

Attackers were persistent in launching attacks against targeted customers, averaging more than three separate attempts per target, according to the report. The most frequent target of attacks was the media and entertainment industry, which represented more than 50 percent of all mitigation activity. The largest observed attack was 90 Gbps and was experienced by an e-commerce company. 

“This attack was a pulsing User Datagram Protocol (UDP) flood employed in short bursts of 30 minutes or fewer,” Verisign noted in a blog post announcing the report. “It consisted primarily of Network Time Protocol (NTP) reflective amplification attack traffic. This activity was aimed at disrupting the critical online commerce capability of the customer and was successfully mitigated by Verisign.”

When compared to Q1, the average attack size increased in Q3 by 65 percent. Network Time Protocol (NTP) continues to make up the majority of UDP-based reflective amplification attacks, with a shift to SSDP [Simple Service Discovery Protocol] during the quarter. Last month, researchers at Akamai Technologies issued a warning about attackers leveraging SSDP to launch attacks that amplify and reflect traffic to their targets.

“Though the amplification it generates is smaller than that possible with DNS or NTP reflection attacks, SSDP attacks still have the capability to overwhelm organizations that are using traditional security appliances to protect their assets,” according to the report. “Consistent with other reflective amplification attacks, malicious actors will spoof the source IP when making an SSDP request to target a victim. For most organizations, SSDP implementations should not need to be open to the Internet. In this case, ingress queries from the Internet targeting this protocol can be blocked at the network edge to protect from this particular vector. Verisign recommends an audit of internal assets, including outbound network flows to ensure that your organization is not being unknowingly leveraged in SSDP-based DDoS attacks.”

Advertisement. Scroll to continue reading.
Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.


Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

IoT Security

A vulnerability affecting Dahua cameras and video recorders can be exploited by threat actors to modify a device’s system time.