Home / Industry

Verisign Releases Q4 2015 DDoS Trends - DDoS Attack Activity Increasing by 85% Year Over Year

Verisign Distributed Denial of Service Trends Report Volume 2, Issue 4 – 4th Quarter 2015 (Click to Download)Verisign has just released its Q4 2015 DDoS Trends Report, which provides a unique view into online distributed denial of service (DDoS) attack trends from mitigations enacted on behalf of customers of Verisign DDoS Protection Services and research conducted by Verisign iDefense Security Intelligence Services.

The most notable observation last quarter is the increase in DDoS attack activity, which was at its highest since the inception of Verisign’s DDoS Trends Report in Q1 2014. Comparing year-over-year attack activity, Verisign mitigated 85 percent more attacks in Q4 2015 than in Q4 2014. Some customers were hit with persistent, repeated attacks over the quarter.

Other key trends and observations included:

• The fastest flood attack mitigated by Verisign occurred in Q4 2015, sending 125 million packets per second (Mpps), and driving a volumetric DDoS attack of 65 gigabits per second (Gbps).

• Average attack size observed by Verisign continues to be high at 6.88 Gbps, with nearly a third of attacks peaking over 5 Gbps.

• The industry most frequently targeted by DDoS attacks was IT Services/Cloud/SaaS, representing 32 percent of mitigation activity in Q4 2015, closely followed by Media and Entertainment, representing 30 percent of all mitigations.

• The most common attacks Verisign mitigated were User Datagram Protocol (UDP) floods, including Network Time Protocol (NTP), Domain Name System (DNS), and Simple Service Discovery Protocol (SSDP) floods, which collectively accounted for approximately 75 percent of attacks in Q4 2015.

Mitigation Peaks by Quarter from Q4 2014 to Q4 2015 – More than 62 percent of attacks mitigated by Verisign peaked over 1 Gbps and almost one-third peaked at over 5 Gbps

It has also been noted that on Nov. 30 and Dec. 1, 2014, many of the Internet’s DNS root name servers, including the A- and J-root servers operated by Verisign, were targets of DNS-based DDoS attacks. This quarter’s report provides an overview of these attacks and the techniques Verisign used to mitigate the large amounts of anomalous traffic.

For more DDoS trends in Q4, download the full report.

By Verisign, A Global Provider of Critical Internet Infrastructure and Domain Name Registry Services

Verisign, a global provider of domain name registry services and internet infrastructure, enables internet navigation for many of the world’s most recognized domain names. Verisign enables the security, stability, and resiliency of key internet infrastructure and services, including providing root zone maintainer services, operating two of the 13 global internet root servers, and providing registration services and authoritative resolution for the .com and .net top-level domains, which support the majority of global e-commerce. To learn more about what it means to be Powered by Verisign, please visit Verisign.com.

Visit Page

Filed Under


Commenting is not available in this channel entry.
CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet




Sponsored byDNIB.com

Domain Names

Sponsored byVerisign

IPv4 Markets

Sponsored byIPv4.Global

Brand Protection

Sponsored byCSC

New TLDs

Sponsored byRadix


Sponsored byVerisign

Threat Intelligence

Sponsored byWhoisXML API