2016 DDoS Attack Trends By The Numbers
Some highlights from recent reports on DDoS attack activity.
August 31, 2016
As inevitable as death and taxes, distributed denial of service (DDoS) attacks against the enterprise continue as strong as ever. According to all of the latest data, 2016 has seen DDoS attacks intensify in frequency and size, particularly as attackers are increasingly using DNS and DNSSEC to amplify attacks for greater impact against their victims using fewer botnet resources.
According to researchers with NexusGuard, there was an 83% increase of DDoS attacks in the second quarter of 2016 compared to the first quarter. Among all those attacks, DNS is gaining steam as a primary protocol attack vector. Nevertheless, NTP still has the lead in that regard, making up 47% of all DDoS attacks tracked by the firm.
During a one year period from April 2015 through March 2016, Imperva Incapsula reports it blocked an average of 445 DDoS attacks targeting its customers per week.
Application layer DDoS attacks still make up 60% of DDoS attacks today but they're increasingly being displaced by network layer attacks, likely due to the increasing prevalence of DNS-based DDoS attacks, reports Imperva Incapsula. The two types should be neck-and-neck by 2018 if trend lines continue as expected.
Researchers with Arbor Networks corroborate the evidence that reflection attacks are on the rise. They report it has contributed to a rise in the number of larger DDoS attacks in the first half of 2016. There were 274 attacks sized over 100 Gbps in the first half, compared to just 223 in all of 2015. And there were 46 attacks sized over 200 Gbps in the first half compared to 16 in all of 2015.
The average DDoS attack size also increased by 30% in the first half of 2016 compared to 2015, according to Arbor Networks. The firm believes the average attack size will hit 1.15 Gbps by the end of the year. It warns that a 1 Gbps DDoS is enough to knock most organizations' networks offline completely.
Kaspersky Lab reports that DDoS attacks are increasingly coming at the hands of Linux botnets. In the second quarter of 2016, over 70% of all DDoS attacks detected by the firm were launched from Linux-based botnets.
The large majority of DDoS attacks are fairly short in duration. In the first quarter of 2016, over 93% of attacks lasted under one hour, reports Imperva Incapsula.
The large majority of DDoS attacks are fairly short in duration. In the first quarter of 2016, over 93% of attacks lasted under one hour, reports Imperva Incapsula.
As inevitable as death and taxes, distributed denial of service (DDoS) attacks against the enterprise continue as strong as ever. According to all of the latest data, 2016 has seen DDoS attacks intensify in frequency and size, particularly as attackers are increasingly using DNS and DNSSEC to amplify attacks for greater impact against their victims using fewer botnet resources.
About the Author(s)
You May Also Like
CISO Perspectives: How to make AI an Accelerator, Not a Blocker
August 20, 2024Securing Your Cloud Assets
August 27, 2024