Arbor Networks Detects Largest Ever DDoS Attack in Q1 2015 DDoS Report
BURLINGTON, MA., April 28, 2015 – Arbor Networks Inc. , a leading provider of DDoS and advanced threat protection solutions for enterprise and service provider networks, today released Q1 2015 global DDoS attack data that shows a continuation of extremely high volume attacks, including the largest attack ever detected by Arbor’s ATLAS threat intelligence infrastructure, a 334Gbps attack targeting a network operator Asia. In Q1 2015, there were 25 attacks larger than 100Gbps globally.
In the past year, Arbor has documented a dramatic increase in DDoS activity. The majority of recent very large attacks leverage a reflection amplification technique using the Network Time Protocol (NTP), Simple Service Discovery Protocol (SSDP) and DNS servers, with large numbers of significant attacks being detected all around the world.
Reflection amplification is a technique that allows an attacker to both magnify the amount of traffic they can generate, and obfuscate the original sources of that attack traffic. This technique relies on two unfortunate realities: firstly, many service providers still do not implement filters at the edge of their network to block traffic with a ‘forged’ (spoofed) source IP address; secondly, there are plenty of poorly configured and poorly protected devices on the Internet providing UDP services that offer an amplification factor between a query sent to them and the response which is generated.
Arbor’s data is gathered through ATLAS, a collaborative partnership with more than 330 service provider customers who share anonymous traffic data with Arbor in order to deliver a comprehensive, aggregated view of global traffic and threats. ATLAS collects statistics that represent 120Tbps of Internet traffic and provides the data for the Digital Attack Map, a visualization of global attack traffic created in collaboration with Google Ideas.
Other global Q1 2015 DDoS attack stats of note:
- An example of how attackers are constantly changing their techniques, SSDP reflection attacks are up dramatically year-over-year: 126,000 monitored in Q1 2015 versus 3 reported in Q1 2014
- Attacks are shorter but pack a punch: Majority of attacks are short-lived, approximately 90% last less than 1 hour
“Attacks that are significantly above the 200Gbps level can be extremely dangerous for network operators and can cause collateral damage across service provider, cloud hosting and enterprise networks,” said Darren Anstee, Director, Solutions Architects, for Arbor Networks. “DDoS attacks continue to evolve. Not only have volumetric attacks grown significantly in size and frequency over the past 18 months, application-layer attackers are also still pervasive. In order to deal with the full scope of the modern DDoS threat, we strongly recommend a multi-layered defense, one that integrates on-premise protection against application-layer attacks with cloud-based protection against higher magnitude volumetric attacks. Only then is an organization fully protected from DDoS attacks today.”
About Arbor Networks
Arbor Networks, Inc. helps secure the world’s largest enterprise and service provider networks from DDoS attacks and advanced threats. Arbor is the world’s leading provider of DDoS protection in the enterprise, carrier and mobile market segments, according to Infonetics Research. Arbor’s advanced threat solutions deliver complete network visibility through a combination of packet capture and NetFlow technology, enabling the rapid detection and mitigation of malware and malicious insiders. Arbor also delivers market leading analytics for dynamic incident response, historical analysis, visualization and forensics. Arbor strives to be a “force multiplier,” making network and security teams the experts. Our goal is to provide a richer picture into networks and more security context - so customers can solve problems faster and reduce the risk to their business.
To learn more about Arbor products and services, please visit our website at arbornetworks.com. Arbor’s research, analysis and insight, together with data from the ATLAS global threat intelligence system, can be found at the ATLAS Threat Portal.
Trademark Notice: Arbor Networks, the Arbor Networks logo, Peakflow, ArbOS, Pravail, Cloud Signaling, Arbor Cloud, ATLAS, We see things others can’t.TM and Arbor Networks. Smart. Available. Secure. are all trademarks of Arbor Networks, Inc. All other brands may be the trademarks of their respective owners