Mega attacks hit new record, multiple attack vectors usual
As in recent quarters, the vast majority of these attacks were based on reflection attacks using stresser/booter-based tools. These tools bounce traffic off servers running vulnerable services such as DNS, CHARGEN, and NTP. In fact, 70 percent of the DDoS attacks in Q1 used the reflection-based DNS, CHARGEN, NTP, or UDP fragment vectors.
More than half of the attacks (55 percent) targeted gaming companies, with another 25 percent targeting the software and technology industry.
Q1 2016 also set a record for the number of DDoS attacks exceeding 100 Gigabits per second (Gbps): 19. The largest of these mega attacks mitigated by Akamai peaked at 289 Gbps. Fourteen attacks relied on DNS reflection methods. Last quarter, there were only five mega attacks; the previous record was 17, set in Q3 2014.
During Q4 2015, repeat DDoS attacks became the norm, with an average of 24 attacks per targeted customer in Q4. The trend continued this quarter; targeted customers were attacked an average of 39 times each. One customer was targeted 283 times – an average of three attacks per day.
Compared with Q1 2015
- 125.36 percent increase in total DDoS attacks
- 142.14 percent increase in infrastructure layer (layers 3 & 4) attacks
- 34.98 percent decrease in the average attack duration: 16.14 vs. 24.82 hours
- 137.5 percent increase in attacks > 100 Gbps: 19 vs. eight
Compared with Q4 2015
- 22.47 percent increase in total DDoS attacks
- 23.17 percent increase in infrastructure layer (layers 3 & 4) attacks
- 7.96 percent increase in the average attack duration: 16.14 vs. 14.95 hours
- 280 percent increase in attacks > 100 Gbps: 19 vs. five ■