An IoT botnet targets gaming sites, financial institutions, ISPs and government agencies.

Lorna Garey

July 19, 2016


Ransomware is getting a lot of press, but Arbor Networks’ global DDoS attack data for the first six months of 2016, released Tuesday, suggests that distributed-denial-of-service attacks are not only getting bigger, they’re becoming more frequent.

That’s according to the ATLAS consortium of more than 330 service providers that share anonymous traffic data with Arbor to deliver an aggregated view of global traffic and threats. ATLAS provides data for the Digital Attack Map, a visualization of global attack traffic.

On Monday, attackers took aim at Pokémon Go. Reports say that the culprits were teenagers looking to sell security services. As with ransomware, there’s a low cost of entry for DDoS attackers — tools are free and cloud servers from which to launch are cheap.

Top level stats: ATLAS has observed an average of 124,000 events per week over the last 18 months, with a 73 percent increase in peak attack size over 2015, to 579 Gbps. Arbor says that translates into 274 attacks over 100 Gbps in 1H 2016, versus 223 in 2015, and 46 attacks over 200 Gbps in the first half versus 16 in 2015. The largest verified attack for 2015 was 500 Gbps. Eleven years ago, when Arbor began the survey, it was 8 Gbps.

We’re seeing the dark side of IoT here. Arbor says the LizardStresser DDoS botnet is using Internet-of-Things devices to launch massive attacks, as large as 400 Gbps, without the use of telltale reflection amplification techniques. To put that in perspective, even a 1 Gbps attack will knock most companies completely offline.

“The data demonstrates the need for hybrid, or multi-layer DDoS defense,” said Darren Anstee, Arbor Networks’ chief security technologist, in a statement.

Partners ought to also be talking to customers about deep defense and contingency plans in case they become targets. Our free report provides advice on helping develop and implement a strategy for mitigating DDoS attacks.

Short version, it’s virtually impossible for any customer to deflect even a moderate sustained assault. DDoS mitigation services use advanced detection techniques and specialized software to detect, monitor and block attacks. Think of it as proactive insurance — these services are designed to prevent destruction in the first place. There are also DDoS appliances from Arbor Networks, Check Point, Fortinet and others for customers that prefer not to sign on to a service, and earlier this year Arbor launched a collaboration with Cisco to host a virtual version of its DDoS mitigation appliance on a blade in Cisco’s ASR 9000 routers. Rather than routing traffic across the WAN to a scrubbing center, you can help customers mitigate close to the egress point of an attack.

Other tips: Make sure customer firewalls and other edge security devices are tuned to spot, for example, spoofed or malformed packets and enforce connection limits per server and client. Block access to known botnet servers, keep systems patched and help clients develop a contingency plan to activate should an attack knock parts of the network offline.

Arbor Networks is the security division of NetScout. Its partner program offers technical training and support.

Follow editor in chief @LornaGarey on Twitter.
