DDoS Attacks Shorter, Repeated Frequently in 1H 2014: Report

High-Volume, High-Rate DDoS Attacks Increase in First Half of 2014

Distributed denial-of-service (DDoS) mitigation solutions provider NSFOCUS has released a report documenting the attacks and attack trends from the first half of 2014.

The analysis of attacks tracked by the NSFOCUS Threat Response and Research (TRR) team and attacks mitigated by the NSFOCUS Managed Security Service (MSS) team for the company’s customers shows that high-rate, high-volume attacks have increased. More precisely, one third of attacks peaked at 500Mbps, while over 5% of them reached 4Gbps.

Half of the DDoS attacks analyzed by NSFOCUS were launched at a rate of over 0.2Mpps (million packets per second). This is a considerable increase compared to the previous period when it was roughly 16%. More than 2% of attacks were launched at a rate of over 3.2Mpps in the first half of this year, the company said.

According to the report released Sept. 23, a majority of the attacks (more than 90%) lasted less than 30 minutes, but were repeated frequently. Such operations can result in significant damage for organizations that need to provide services without interruption, such as hosting services, e-commerce websites and online gaming platforms. 

 More than 42% of the organizations monitored by the DDoS protection company were hit more than once, and 2.5% were attacked repeatedly over 10 times. The highest number of DDoS attacks launched against the systems of a single organization was 68, the company said.

NSFOCUS’s data shows that attacks against certain sectors increased considerably in the first half of 2014. Attacks targeting ISPs increased by 87.2%, ones aimed at enterprises by 100.5%, and against online gaming services by 60%.

HTTP Flood, DNS Flood and TCP Flood accounted for almost 85% of all attacks, with DNS Floods continuing to be the preferred method of attack, NSFOCUS said.

The longest attack observed by the company lasted for 9 days and 11 hours, and 23 Mpps was the rate of the largest single attack.

“NSFOCUS has maintained a continuous review of DDoS attacks over recent years, and we have observed that the trends constantly change as attacks morph and hacker behavior evolves. To stay ahead of these trends, we strongly encourage our customers to take a defensive approach in identifying and mitigating these threats before they happen,” advised Terence Chong, solutions architect at NSFOCUS.

Earlier this month, Akamai Technologies published an advisory to warn enterprises that attackers are launching DDoS attacks with the aid of Linux malware installed on servers running vulnerable software.

The complete NSFOCUS mid-year threat report is available online.