According to Arbor Networks, the security division of Netscout, for the first six months of this year, DDoS remains a commonly used attack type due to the “ready availability of free tools and inexpensive online services that allow anyone with a grievance and an internet connection to launch an attack”.
Arbor says this has led to an increase in the frequency, size and complexity of attacks in recent years with:
• A 73% increase in peak attack size over 2015 to 579Gbps
• 274 attacks over 100Gbps monitored in 1H 2016, versus 223 in all of 2015
• 46 attacks over 200Gbps monitored in 1H2016, versus 16 in all of 2015
• US, France and Great Britain are the top targets for attacks over 10Gbps.
According to Arbor, a 1 Gbps DDoS attack is large enough to take most organisations completely off-line and it says that an average attack size in the first half of this year was 986Mbps, a 30% increase over 2015, and an average attack size is projected to be 1.15Gbps by end of the year.
“The data demonstrates the need for hybrid, or multi-layer DDoS defence,” said Darren Anstee, Arbor Networks chief security technologist.
“High bandwidth attacks can only be mitigated in the cloud, away from the intended target. However, despite massive growth in attack size at the top end, 80% of all attacks are still less than 1Gbps and 90% last less than one hour.
“On-premise protection provides the rapid reaction needed and is key against ‘low and slow’ application-layer attacks, as well as state exhaustion attacks targeting infrastructure such as firewalls and IPS.”
Arbor gathered information on the current DDoS threat environment through its Atlas threat portal.