Products & Releases

Black Lotus Threat Report Predicts New DrDoS Attacks in Excess of 800 Gbps in 2015

Service providers, carriers must strengthen security to protect operations during next 12 to 18 months

SAN FRANCISCO, CA (Marketwired - Apr 22, 2014) - While the network time protocol (NTP) DrDoS threats that became prevalent in early 2014 have been contained, new distributed reflected denial of service threats will lead to attacks in excess of 800 Gbps during the next 12 to 18 months. That prediction is according to the "Q1 2014 Threat Report" issued today by Black Lotus, a leader in availability security and provider of distributed denial of service (DDoS) protection. Black Lotus compiles its quarterly threat reports by drawing on data from its network logs and analyzing the results for trends in attack size, duration, method, source and other characteristics.

The threat report, which covers DDoS attack data between January 1 and March 31, 2014, shows that service providers have been heavily impacted by security threats, including SQL injection attacks, NTP DrDoS attacks, and most recently the TLS heartbeat vulnerability ("Heartbleed"). All of these threats have had profound effects on the ability of service providers to safely operate and protect their customers.

During the first quarter of 2014, novice attackers used DrDoS methods to bypass the DDoS defenses of well-prepared companies by targeting upstream carriers directly. In January 2014, Black Lotus recorded several incidents in which tier 1 carriers in multiple U.S. regions were saturated due to DrDoS attacks, resulting in packet loss as high as 35 percent to customers that were not even targeted by the attacks. By February, the same carriers were better prepared for attacks that exceeded 400 Gbps, and they were able to stabilize their networks with minimal interruption to downstream customers. Greater awareness of NTP DrDoS is critical, but service providers will have to add protections as attackers grow more sophisticated and attacks become more severe.

The report findings also show that:

  • The largest DDoS attack observed during the report period was on February 10. It was 421 Gbps and 122 millions of packets per second (Mpps).
  • Of the 463,621 observed attacks, Black Lotus regarded 90,313 (19.5 percent) of them as severe, characterized by an extreme traffic levels compared to the target's typical traffic baseline.
  • The average attack during the period reported was 2.7 Gbps and 1.8 Mpps.
  • During the reporting period, 50.3 percent of severe attacks targeted individual applications, most commonly HTTP servers and domain name services (DNS). Attacks on either application can result in site outages and are difficult to mitigate without professional assistance.

"Historically, service providers have been able to operate without providing substantial security services to customers. That's no longer viable, as threats proliferate and attackers find new ways to amplify the volume of their efforts," said Jeffrey Lyon, founder of Black Lotus. "To protect themselves and their customers, service providers must now also become security providers by offering integrated hosting and security services such as DDoS mitigation, intrusion defense, and incident response and remediation."

Download the full Black Lotus "Q1 2014 Threat Report" for more details.

About Black Lotus Communications
Black Lotus Communications is a security innovator that pioneered the first commercially viable DDoS mitigation solutions. These advanced solutions enhance the security posture of small and medium businesses and enterprise clients while reducing capital expenditures, managing risk, ensuring compliance, and improving earnings and retention. Breakthrough developments at Black Lotus include the world's first DDoS-protected hosting network, the first IPv6 DDoS mitigation environment, and the first highly effective Layer 7 attack mitigation strategy. For more information, visit or follow Black Lotus on Twitter at


Editors' Choice
Tara Seals, Managing Editor, News, Dark Reading
Jim Broome, President & CTO, DirectDefense
Nate Nelson, Contributing Writer, Dark Reading