DDoS Attacks in Q3 2016

Despite being a very useful resource, the Internet is extremely sensitive to malpractices. Cyber attacks have become an everyday affair. One of the many malpractices that have plagued the internet world is the Distributed Denial of Service (DDoS) attack.

Recently, Verisign released its DDoS report for Q3 2016. According to this report, DDoS attacks and other related trends have decreased in Q3 2016 as compared to Q2 2016 and the same quarter a year ago.

About DDoS Attacks

DDoS attacks use botnets to render any website, server, application or other internet resource unavailable by flooding it with attack traffic. This kills or severely slows down the target site, making it unusable. The consequences of such attacks depend largely on the size of the attacks. The largest attack ever noted was in September 2016, when hackers hacked 152,000 smart devices to launch a one Tbps DDoS attack. The victim of this attack was a France-based hosting provider, OVH.

DDoS Attacks Have Decreased

As per the DDoS Trends Report, the number of DDoS attacks has decreased by 13% YoY in Q3 2016. In Q2 2016, some DDoS attacks witnessed a 75% YoY increase. This indicates a positive change for internet users. The decrease could be a result of increased cyber security awareness among users, companies, and even the government.

The Internet has become a primary platform for individuals as well as businesses. It attracts more and more criminals who tend to interfere with operations to make money out of it. Therefore, to ensure security, owners of servers are constantly working towards making their properties safe and secure. Unfortunately, while technological advances are making way for better security, they are also giving hackers newer ways of launching such attacks.

It’s not just the number of attacks that has decreased. With devices becoming more and more secure, it is becoming difficult for hackers to create an extensive network of botnets to launch bigger attacks. This has helped in reducing the attacks with over 10 Gbps peak size. The average peak attack size in Q3 2016 stood at 12.78 Gbps, which is an 82% YoY increase. But if we compare this to that of Q2 2016 at 17.37 Gbps, it was a whopping 214% YoY increase. In Q3 2016, only 16% of attacks peaked over 10 Gbps, which has decreased by half when compared to 32% in Q2 2016.

Types of DDoS Attacks

DDoS attacks are highly unpredictable as hackers use multiple attack types. Using multiple attack types makes the attack complex, so it takes more time and effort to mitigate. In Q3 2016, 49% of the attacks were of the UDP flood type, which is done by sending a large number of User Datagram Protocol (UDP) packets to random ports on a remote host. The most used UDP flood attacks were Domain Name System (DNS) reflection attacks, followed by Network Time Protocol (NTP) reflection attacks. 22% were IP fragment attacks, followed by TCP-based attacks at 20%.

Also, the flood attack intensity in Q3 2016 was approximately 60 Gbps and 150 Mbps, compared with over 250 Gbps in Q2 2016.

The motive behind these attacks is to make more and more money. If the hackers can successfully attack a flourishing industry, the chances of making more money are high.

The most affected industry was IT services/Cloud/SaaS, with 37% of attacks targeting this sector and an average attack size of 8.8 Gbps. The financial sector faced 29% of these attacks, with the average attack size being 39.1 Gbps. The third most affected sector was the public sector, accounting for 12% of the total attacks with an average attack size of 5.8 Gbps.

Advances in technology have proved beneficial for hackers as well. With more resources available, hackers are capable of launching larger attacks. The attack size has been mostly increasing quarter over quarter. The financial industry faced the highest attack peak size. The attack size in Q3 2016 was 257 Gbps, which is a 47% increase as compared to Q2 2016. The next most affected industry, in terms of attack size, was Media & Entertainment, followed by IT services/Cloud/SaaS.

Purpose of these Attacks

First of all, it’s not always the hackers who are behind these attacks. Even companies hire hackers to launch these attacks to undermine their competitors. This is termed industrial sabotage. Botnets are available in a few specialised underground markets for a nominal amount. A week-long DDoS attack, which can severely impact a small online organization, costs as little as $150.

DDoS attacks are often used to blackmail victims by demanding a huge payment from the businesses, termed a protection payment. Businesses that are afraid of the consequences of these attacks, and those that do not have a quick fix for them, usually end up making these payments.

How to Avoid Such Attacks

These attacks usually do not tamper with data, but they can severely obstruct the functioning of an app, a website or a server. Therefore, it is highly important to keep a check on these attacks. The following steps can ensure the least impact from these attacks:

  • Identifying a DDoS attack as early as possible is the first and one of the most important steps.
  • Over-provisioning the bandwidth is another step for controlling DDoS attacks. Over-provisioning doesn’t exactly stop a DDoS attack, but it gives enough time to act before the site gets flooded.
  • If a user has their own server, defending at the network perimeter can be helpful in mitigating the effects of such attacks.
  • Finally, the victim should seek help from the ISP or hosting provider or even a DDoS specialist.
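
As an added example (not from the original article or the Verisign report), here is a small sketch of the first step, spotting an attack early: it buckets inbound flow records per destination and labels the traffic with the attack types described earlier (DNS/NTP reflection, UDP flood, IP fragment, TCP). The flow-record layout, the lab-scale threshold and the sample traffic are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

# Assumed flow record layout (constructed for this example):
# (unix_second, src_ip, src_port, dst_ip, dst_port, proto, bytes, is_fragment)

def classify(flow):
    """Label one inbound flow with the attack type it would belong to."""
    _, _, sport, _, _, proto, _, frag = flow
    if frag:
        return "ip_fragment"
    if proto == "udp":
        # Reflected replies arrive FROM the abused service's port (DNS 53, NTP 123).
        return {53: "dns_reflection", 123: "ntp_reflection"}.get(sport, "udp_flood")
    return "tcp" if proto == "tcp" else "other"

def detect(flows, window=10, threshold_bps=100_000):
    """Alert on (destination, time window) buckets whose inbound rate exceeds the threshold."""
    buckets = defaultdict(list)
    for f in flows:
        buckets[(f[3], f[0] // window * window)].append(f)
    alerts = []
    for (dst, start), fs in sorted(buckets.items()):
        bps = sum(f[6] for f in fs) * 8 / window
        if bps < threshold_bps:
            continue
        by_vector = Counter()
        for f in fs:
            by_vector[classify(f)] += f[6]  # weight each attack type by bytes
        alerts.append({
            "dst": dst, "window_start": start, "bps": bps,
            "sources": len({f[1] for f in fs}),    # many sources suggests a botnet or reflectors
            "dst_ports": len({f[4] for f in fs}),  # many ports suggests random-port flooding
            "vectors": [v for v, _ in by_vector.most_common()],
        })
    return alerts

def sample_flows():
    """Constructed sample: light web traffic, then a multi-vector burst at t=100."""
    flows = [(t, "198.51.100.7", 40000 + t, "203.0.113.10", 443, "tcp", 1500, False)
             for t in range(0, 100, 5)]
    for i in range(200):  # large DNS replies from many resolvers (source port 53)
        flows.append((100 + i % 10, f"192.0.2.{i % 250 + 1}", 53,
                      "203.0.113.10", 1024 + i, "udp", 3000, False))
    for i in range(100):  # UDP datagrams sprayed across random destination ports
        flows.append((100 + i % 10, f"198.51.100.{i % 250 + 1}", 5000 + i,
                      "203.0.113.10", 2000 + i * 7, "udp", 1200, False))
    return flows

if __name__ == "__main__":
    for alert in detect(sample_flows()):
        print(alert)
```

In production the threshold would be set from the site's own traffic baseline rather than a fixed number, and the records would come from NetFlow/sFlow exports or the hosting provider's telemetry.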

There are several tools available which can be helpful in preventing DDoS attacks and protecting your company. Some of these tools are Cloudflare, F5 Networks, Black Lotus, Arbor Networks and Incapsula.