Verisign Distributed Denial of Service Trends, observed attack trends of July – September, Q2 2018. This report provides a unique view into the attack trends that include attack statistics, behavioral trends and future outlook, compiled on the basis of observations and insights about attack frequency and size obtained from mitigations enacted on behalf of customers from Verisign DDOS Protection Services.
Verisign observed the following key trends in Q2 2018:
- Number of attacks - 35 percent increase as compared to Q1 2018 (April 1, 2018 - June 30, 2018)
- Peak attack size - (Volume) 42 Gigabits per second (Gbps), (Speed) 4.7 Million packets per second (Mpps)
- Average peak attack size – 5.7 Gbps, which is 111 percent increase compared to Q2 2017, but a 49 percent decrease in the average of attack peak sizes, 26 percent of attacks over 5 Gbps
- Most common attack mitigated - 56 percent of attacks were User Datagram Protocol (UDP) floods; 20 percent of attacks employed multiple attack types with 52 percent of attacks employed at least two different attack types
DDoS Attacks Increase in Size and Number
Verisign observed that 58 percent of DDoS attacks were over 1 Gbps. When comparing Q2 2018 to Q1 2018, Verisign saw a 35 percent increase in the number of attacks, and a 49 percent decrease in the average of attack peak sizes. Year-over-year the average of attack peak sizes increased 111 percent. Verisign additionally observed that 62 percent of its customers who experienced DDoS attacks in Q2 2018 were targeted multiple times during the quarter. Overall, DDoS attacks remain unpredictable and vary widely in terms of speed and complexity.
Multi-Vector DDoS Attacks Remain Constant
52 percent of DDoS attacks mitigated by Verisign in Q2 2018 employed multiple attack types. Verisign observed attacks targeting networks at multiple layers and attack types that changed over the course of a DDoS event. Today’s DDoS attacks require continuous monitoring to optimize mitigation strategies.
Types of DDoS Attacks
UDP flood attacks were the most common attack vector in Q2 2018, accounting for 56 percent of total attacks in the quarter. The most common UDP floods included Domain Name System (DNS), Lightweight Directory Access Protocol (LDAP), Network Time Protocol (NTP) and Simple Network Management Protocol (SNMP) amplification attacks.
Largest Volumetric Attack and Highest Intensity Flood Attack
The largest volumetric DDoS attack observed by Verisign in Q2 2018 was a UDP fragment flood that peaked at approximately 42 Gbps and 3.5 Mpps and lasted approximately 3 hours.
The highest intensity DDoS attack observed by Verisign in Q2 2018 was a multi-vector attack that peaked at approximately 38 Gbps and 4.7 Mpps and lasted for approximately 2 hours. The attack consisted of a wide range of attack vectors including DNS, NTP and SNMP Amplification attacks and TCP SYN and TCP RST floods.