Home / Industry

Attacks Decrease by 23 Percent in 1st Quarter While Peak Attack Sizes Increase: DDoS Trends Report

Multi-Vector DDoS Attacks are the Norm – Fifty-seven percent of DDoS attacks mitigated by Verisign in Q1 2017 employed multiple attack types. Verisign observed DDoS attacks targeting victim networks at multiple network layers and attack types changing over the course of DDoS events, thus requiring continuous monitoring to optimize the mitigation strategy. Download Full ReportVerisign has released its latest DDoS Trends Report for the first quarter of this year representing a unique view into the attack trends unfolding online. DDoS Trends Report is based on observations and insights derived from distributed denial of service (DDoS) attack mitigations enacted on behalf of Verisign DDoS Protection Services.

Verisign DDoS Trends Report – Volume 4, Issue 1, 1st Quarter 2017 – Click to DownloadIn Q1 2017, Verisign saw a 23 percent decrease in the number of attacks; however, the average peak attack size increased 26 percent compared to the previous quarter. Overall, average peak attack sizes have been noticeably larger since Q1 2016, with peak sizes over 10 Gigabits per second (Gbps).

The largest volumetric and highest intensity DDoS attack observed by Verisign in Q1 2017 was a multi-vector attack that peaked over 120 Gbps and around 90 Million packets per second (Mpps). This attack sent a flood of traffic to the targeted network in excess of 60 Gbps for more than 15 hours. The attack was notable because the attackers were persistent, sending attack traffic on a daily basis for over two weeks. The attack consisted primarily of TCP SYN and TCP RST floods of varying packet sizes and employed one of the signatures associated with the Mirai IoT botnet. The event also included UDP floods and IP fragments which increased the volume of the attack.

Key DDoS Attack Trends and Observations

  • Fifty-seven percent of the DDoS attacks mitigated by Verisign in Q1 2017 employed multiple attack types.
  • Forty-six percent of DDoS attacks were UDP Floods.
  • TCP-based attacks were the second most common attack vector, making up 33 percent of attack types in the quarter.
  • The IT/Cloud/SaaS industry, representing 58 percent of mitigation activity, was the most frequently targeted industry for the tenth consecutive quarter. The Financial Sector industry experienced the second highest number of DDoS attacks, representing 28 percent of mitigation activity. This is a large increase from the 7 percent mitigation during the prior quarter.

For more DDoS Trends in Q1 2017, download the full report.

By Verisign, A Global Provider of Critical Internet Infrastructure and Domain Name Registry Services

Verisign, a global provider of domain name registry services and internet infrastructure, enables internet navigation for many of the world’s most recognized domain names. Verisign enables the security, stability, and resiliency of key internet infrastructure and services, including providing root zone maintainer services, operating two of the 13 global internet root servers, and providing registration services and authoritative resolution for the .com and .net top-level domains, which support the majority of global e-commerce. To learn more about what it means to be Powered by Verisign, please visit Verisign.com.

Visit Page

Filed Under


Commenting is not available in this channel entry.
CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet



New TLDs

Sponsored byRadix

IPv4 Markets

Sponsored byIPv4.Global

Domain Names

Sponsored byVerisign

Brand Protection

Sponsored byCSC


Sponsored byVerisign

Threat Intelligence

Sponsored byWhoisXML API


Sponsored byDNIB.com