2017 DDoS Attack Activity

DDoS Activity in 2017
(through September 30th)

  • 272 days
  • 6.1 million DDoS attacks
  • 22,426/day
  • 934/hour
  • 15 per minute

As we approach the one year anniversary of the Dyn attack, it may seem like all has been quiet in DDoS land by comparison. After all, we have not seen major, multi-continent internet outage impacting many of the most popular online services and applications this year. That’s the good news. The bad news is, it’s not for lack of trying.

DDoS attacks have been democratized by low cost attack services (aka booter/stressers) that launch attacks for you, for as little as the cost of a cup of coffee. There are also hundreds of tools that enable anyone with an internet connection and a grievance to launch an attack. This is a true game changer in terms of the threat landscape and what businesses should consider themselves a potential target of attack. It used to be certain verticals would be likely targets for DDoS, finance, gaming and e-commerce at the top of the list. Today, any business, for any reason, any real or perceived offense or affiliation, can become a target.

As attacks get more frequent, larger and more complex, your choice of DDoS protection matters more than ever.

No End in Sight to Massive DDoS Attack Sizes

While attack frequency can be attributed to the burgeoning market for DDoS attack services and tools, DDoS attack size is being driven markedly higher by the use of reflection/amplification techniques and the emergence of IoT botnets.

Reflection/amplification techniques magnify the amount of traffic at the hands of the attacker. For example, DNS resolvers are often used by attackers to spoof victim IP addresses. By sending DNS queries to open resolvers the response sent to the victim’s server may be 50X the size of the original query.

Embedded IoT devices are highly vulnerable, generally always turned on and the networks where they reside offer high-speed connections, which allows for a relatively high amount of DDoS attack traffic volume per compromised device. Against this backdrop, it’s easy to see why massive attack size is dominating the DDoS discussion.

Top 5 Attack Sizes (Gbps)

  • 622
  • 591
  • 585
  • 582 (2)
  • 581

Top Six Targets of DDoS Attacks

Arbor Networks ATLAS®

ATLAS is a collaborative project between Arbor Networks, the security division of NETSCOUT, and 400 service provider customers who have agreed to share anonymous traffic data with us. ATLAS delivers a truly comprehensive view into internet traffic, trends and threats. From this unique vantage point, Arbor is ideally positioned to deliver intelligence about botnets, DDoS attacks and malware that threaten internet infrastructure and network availability.

To learn more about the dynamic DDoS threat landscape, including a special section on IoT botnets, download Arbor’s 12th annual Worldwide Infrastructure Security Report

Leave a Reply

Your email address will not be published. Required fields are marked *