Story image

DDoS attacks on the rise in New Zealand

22 Jul 15

There is a strong growth in the average size of DDoS attacks, from both a bits-per-second and packets-per-second perspective, according to Arbor Networks’ Q2, 2015 global DDoS attack data.

Of most concern to enterprise networks is the growth in the average attack size, Arbor Networks says.

The largest attack monitored in Q2 was a 196GB/sec UDP flood, a large, but no longer uncommon attack size.

In Q2, 21% of all attacks topped 1GB/sec, while the most growth was seen in the 2-10GB/sec range. However, there was also a significant spike in the number of attacks in the 50 - 100GB/sec range in June.

Average attack size for New Zealand increased significantly to 1.1Gbps/241.95Kpps in Q2 from 430.84Mbps/55.39Kpps in Q1.

“Extremely large attacks grab the headlines, but it is the increasing size of the average DDoS attack that is causing headaches for enterprises around the world,” says Darren Anstee, Arbor Networks chief security technologist.

“Companies need to clearly define their business risk when it comes to DDoS. With average attacks capable of congesting the internet connectivity of many businesses it is essential that the risks and costs of an attack are understood, and appropriate plans, services and solutions put in place,” Anstee says.

New Zealand has higher proportion of attacks of more than 1Gbps compared to APAC. In Q2, New Zealand was 35% versus APAC at just 17%.

The majority of attacks in New Zealand were very short-lived, and approximately 97% were less than one hour.

The average attack duration for New Zealand was just 15 minutes 39 seconds, compared to 23 minutes 46 seconds for Australia and 39 minutes and 53 seconds for APAC.

The proportion of attacks that lasted longer than 12 hours was less than 0.1% for New Zealand in Q2.

The top three sources for attacks on New Zealand in Q2 were China 6%, US 6%  and NZ 1%.

Globally 50% of reflection attacks in Q2 targeted UDP port 80 (HTTP/U) - Port 80 is also the leading target for attacks in New Zealand, but only 18% of attacks targeted it.

Reflection amplification is a technique that allows an attacker to both magnify the amount of traffic they can generate, and obfuscate the original sources of that attack traffic.

This technique relies on the fact that many service providers still do not implement filters at the edge of their network to block traffic with a ‘forged’ (spoofed) source IP address, and the many poorly configured and protected devices on the internet providing UDP services that offer an amplification factor between a query sent to them and the response which is generated, says Arbor Networks.

The majority of very large volumetric attacks leverage a reflection amplification technique using the Network Time Protocol (NTP), Simple Service Discovery Protocol (SSDP) and DNS servers, with large numbers of significant attacks being detected all around the world, the company says.

Arbor Networks' data is gathered through ATLAS, a collaborative partnership with more than 330 service provider customers who share anonymous traffic data in order to deliver a comprehensive, aggregated view of global traffic and threats.

ATLAS collects 120TB/sec of internet traffic and is the source of data for the Digital Attack Map, a visualisation of global DDoS attacks created in collaboration with Google Ideas.

IP theft: A global issue catching NZ businesses off guard
“We have this incredible record of innovation in New Zealand. But our innovative businesses haven’t always been meticulous in shoring up their IP."
Why A/NZ organisations need to improve compliance protocols
Only a mere 4% of IT decision makers and data managers surveyed said their organisation faced no data management challenges. 
What the people say - Gartner’s November Customers’ Choices
A roundup of the latest Gartner Peer Insight Customers’ Choices from Backup and Recovery to Business Intelligence and Analytics, and more.
BlackBerry buys out cybersecurity AI firm Cylance
“We are eager to leverage BlackBerry’s mobility and security strengths to adapt our advanced AI technology to deliver a single platform.”
Data protection is key to building customer trust
"New data compliance rules offer an opportunity for businesses to re-evaluate their processes and improve data management and customer loyalty."
NZ Internet Task Force joins iSANZ Hall of Fame
NZITF chair Barry Brailey and former chairs Mike Seddon and Paul McKitrick received the award in Auckland last week.
Quantum computing: The double-edged sword for cybersecurity
Quantum computing is quickly moving from science fiction to reality.
Three ways to achieve data security whilst enabling BYOD
"A mobility strategy is now more important than ever before, that said, selecting the right one is often no small task."