Q3 2015 DDoS Attack Trends
Click to EnlargeAs part of our efforts to support National Cyber Security Awareness Month by sharing the latest cybersecurity research, Verisign released its Q3 2015 DDoS Trends Report, which represents a unique view into attack trends unfolding online for the previous quarter, including attack statistics and behavioral trends, derived from distributed denial of service (DDoS) attack mitigations enacted on behalf of, and in cooperation with, customers of Verisign DDoS Protection Services and the security research of Verisign iDefense Security Intelligence Services.

The most notable observation is DDoS attack activity increased in Q3 to the highest it has been in any quarter over the last two years. Quarter over quarter, Verisign mitigated 53 percent more attacks in the third quarter this year than in the preceding quarter.

Additional notable observations and insights from Q3 2015 include:

• Verisign observed a peak volumetric DDoS attack of 60 gigabits per second (Gbps) and 12 million packets per second (Mpps) for User Datagram Protocol (UDP) floods and 34 Gbps/30 Mpps for Transmission Control Protocol (TCP) floods in Q3 2015.
• Verisign saw the average attack size increase to 7.03 Gbps, 27 percent higher than Q2 2015.
• Fifty-nine percent of attacks peaked at more than 1 Gbps; 20 percent of attacks were greater than 10 Gbps.
• For the fourth quarter in a row, the industry most frequently targeted by DDoS attacks was IT Services/Cloud/SaaS, representing 29 percent of mitigation activity in Q3. Media and Entertainment closely followed representing 26 percent of mitigations. The Financial and Payments sector remains a heavily-targeted industry, representing 15 percent of all Verisign mitigations.
• The most common attacks mitigated were Network Time Protocol (NTP), Domain Name System (DNS) and Simple Service Discovery Protocol (SSDP) UDP floods, which collectively accounted for approximately 65 percent of attacks in the quarter.

Finally, this quarter’s feature article focuses on operating systems once thought to be more secure against malware and vulnerabilities, like Linux, Mac OS X and iOS, and why they are increasingly becoming the target of bot herders and malware authors. “No System Is Secure—Hackers Target iOS and Linux Operating Systems to Deploy Malware” examines these attack trends and describes why it is critical that organizations implement an open hybrid approach to DDoS protection complemented by a cyber-threat intelligence program for timely and actionable intelligence to help identify vulnerabilities and threat actors before they affect their networks.

See additional highlights in the presentation below.

For more DDoS trends in Q3, access the full report at Verisign.com/DDoSTrends. Be sure to check back in a few months when we release our Q4 2015 DDoS Trends Report.