2017 DDoS Attack Activity by Arbor
October 2017 by Arbor Networks
As we approach the one year anniversary of the Dyn attack, it may seem like all has been quiet in DDoS land by comparison. After all, we have not seen major, multi-continent internet outage impacting many of the most popular online services and applications this year. That’s the good news. The bad news is, it’s not for lack of trying.
DDoS activity in 2017 through September 30
• 272 days
• 6.1 million DDoS attacks
• 15 per minute
DDoS attacks have been democratized by low cost attack services (aka booter/stressers) that launch attacks for you, for as little as the cost of a cup of coffee. There are also hundreds of tools that enable anyone with an internet connection and a grievance to launch an attack. This is a true game changer in terms of the threat landscape and what businesses should consider themselves a potential target of attack. It used to be certain verticals would be likely targets for DDoS, finance, gaming and e-commerce at the top of the list. Today, any business, for any reason, any real or perceived offense or affiliation, can become a target. As attacks get more frequent, larger and more complex, your choice of DDoS protection matters more than ever.
No End in Sight to Massive DDoS Attack Sizes
While attack frequency can be attributed to the burgeoning market for DDoS attack services and tools, DDoS attack size is being driven markedly higher by the use of reflection/amplification techniques and the emergence of IoT botnets. Reflection/amplification techniques magnify the amount of traffic at the hands of the attacker. For example, DNS resolvers are often used by attackers to spoof victim IP addresses. By sending DNS queries to open resolvers the response sent to the victim’s server may be 50X the size of the original query.
Embedded IoT devices are highly vulnerable, generally always turned on and the networks where they reside offer high-speed connections, which allows for a relatively high amount of DDoS attack traffic volume per compromised device. Against this backdrop, it’s easy to see why massive attack size is dominating the DDoS discussion.
Top 5 Attack Sizes (Gbps)
• 582 (2)
Top Targets of DDoS Attacks
To learn more about the dynamic DDoS threat landscape, including a special section on IoT botnets, download Arbor’s 12th annual Worldwide Infrastructure Security Report
• #8 most targeted country for DDoS attacks globally
• 133,000 DDoS attacks targeting Turkey, 2.1% of all attacks
• #10 most targeted country for DDoS attacks globally
• 116,000 DDoS attacks targeting Australia, 1.9% of all attacks
• #11 most targeted country for DDoS attacks globally
• 106,000 DDoS attacks targeting Germany, 1.7% of all attacks
• #13 most targeted country for DDoS attacks globally
• 97, 100 DDoS attacks targeting Sweden, 1.6% of all attacks