DDoS Attacks Up 15% in Financial Sector: Verisign
Distributed denial of service attacks are not a new threat, but several industry verticals, including financial services, experienced their largest peak DDoS attack sizes in 2016’s first quarter compared to the previous three quarters.
The Reston, Va.-based Verisign’s “Distributed Denial of Service Trends Report” for the first quarter of 2016 also revealed with 27% of mitigations, the financial sector experienced a 15% increase from Q4 2015 with an average attack size of 23 Gbps.
Every organization is at risk, and the recent growth in DDoS-for-hire services enables virtually anyone to launch targeted malware attacks against high-profile targets with ease and minimal effort, Verisign said.
A DDoS attack occurs when multiple systems flood the bandwidth or resources of a targeted system. The attacks are not limited to any specific industry or vertical, but several industry verticals, including financial services, IT services/cloud/SaaS, media and entertainment, and telecommunications experienced their largest peak attack sizes in Q1 2016 compared to the previous three quarters.
The report contained the observations and insights derived from DDoS attack mitigations enacted on behalf of, and in cooperation with, customers of Verisign DDoS Protection Services and the security research of Verisign iDefense Security Intelligence Services.
“No matter how prepared an organization thinks it may be, DDoS attacks continue to take organizations by surprise and take websites offline, rendering them inaccessible for hours or sometimes for days,” the report warned.
While the attacks differ in their targets and motivation, what remains consistent is how the attackers broadcast the attacks. Attackers frequently utilize social media channels to provide advance notice of the attacks and later to claim responsibility for the attacks.
The report presented a unique view of the attack trends unfolding online for the previous quarter, including attack statistics and behavioral trends. For the period starting Jan. 1, 2016 and ending March 31, 2016, Verisign observed the following key trends:
- DDoS attacks continued to increase in size, complexity and frequency. The number of attacks showed a 111% increase year over year and 23% increase quarter over quarter.
- Sixty-four percent of the DDoS attacks mitigated by Verisign in Q1 2016 employed multiple attack types, indicating that the increasing sophistication of DDoS attacks require more time and effort to mitigate.
- Continuing the trend from 2015, the most common DDoS attack types in Q1 2016 were user-datagram-protocol floods, a type of denial of service attack that overwhelms random ports, making up 62% of total attacks in the quarter.
- DDoS attacks became more unpredictable. The largest volumetric attack Verisign mitigated in Q1 2016 was a multi-vector attack including UDP, internet control measure protocol and transmission control protocol flood traffic. In addition to the multiple attack types employed, attackers targeted multiple different IPs over the course of the event. The size of this attack, at 274 Gbps, represented the second largest flood ever mitigated by Verisign DDoS Protection Services.
iDefense observed that public sector organizations are prime targets for hacktivist attacks because they are large, recognizable targets that represent policies and ideologies opposed by the hacktivists. The motivations of the hacktivists in DDoS attacks run the gamut from protesting a political agenda to highlighting security weaknesses.
Hacktivists display guerilla warfare tactics in these attacks, repeatedly challenging the government and/or agency from remote locations, making attribution and prosecution difficult, if not impossible, for the protective agencies.
Verisign also observed an increase in DDoS attacks focused on government entities across the globe at regional and national levels, as well as academic institutions and local law enforcement websites. The intent of these DDoS attacks is to render these organizations inaccessible.
The Verisign iDefense “2016 Cyberthreats and Trends Report” stated, “Hacktivism may experience a relative rejuvenation of collaborative hacktivist campaigning, following, comparatively speaking, a very quiet year in 2015.”