
DDoS attacks on the rise in New Zealand

22 Jul 2015

There is strong growth in the average size of DDoS attacks, from both a bits-per-second and packets-per-second perspective, according to Arbor Networks’ Q2 2015 global DDoS attack data.

Of most concern to enterprise networks is the growth in the average attack size, Arbor Networks says.

The largest attack monitored in Q2 was a 196GB/sec UDP flood, a large, but no longer uncommon attack size.

In Q2, 21% of all attacks topped 1GB/sec, while the most growth was seen in the 2-10GB/sec range. However, there was also a significant spike in the number of attacks in the 50 - 100GB/sec range in June.

Average attack size for New Zealand increased significantly to 1.1Gbps/241.95Kpps in Q2 from 430.84Mbps/55.39Kpps in Q1.

“Extremely large attacks grab the headlines, but it is the increasing size of the average DDoS attack that is causing headaches for enterprises around the world,” says Darren Anstee, Arbor Networks chief security technologist.

“Companies need to clearly define their business risk when it comes to DDoS. With average attacks capable of congesting the internet connectivity of many businesses it is essential that the risks and costs of an attack are understood, and appropriate plans, services and solutions put in place,” Anstee says.

New Zealand has a higher proportion of attacks of more than 1Gbps than APAC as a whole. In Q2, the figure for New Zealand was 35%, versus just 17% for APAC.

The majority of attacks in New Zealand were very short-lived, and approximately 97% were less than one hour.

The average attack duration for New Zealand was just 15 minutes 39 seconds, compared to 23 minutes 46 seconds for Australia and 39 minutes and 53 seconds for APAC.

The proportion of attacks that lasted longer than 12 hours was less than 0.1% for New Zealand in Q2.

The top three sources for attacks on New Zealand in Q2 were China 6%, US 6% and NZ 1%.

Globally, 50% of reflection attacks in Q2 targeted UDP port 80 (HTTP/U). Port 80 is also the leading target for attacks in New Zealand, but only 18% of attacks targeted it.

Reflection amplification is a technique that allows an attacker to both magnify the amount of traffic they can generate, and obfuscate the original sources of that attack traffic.

This technique relies on two things, says Arbor Networks: many service providers still do not implement filters at the edge of their network to block traffic with a ‘forged’ (spoofed) source IP address, and there are many poorly configured and protected devices on the internet providing UDP services that offer an amplification factor between a query sent to them and the response which is generated.

The majority of very large volumetric attacks leverage a reflection amplification technique using the Network Time Protocol (NTP), Simple Service Discovery Protocol (SSDP) and DNS servers, with large numbers of significant attacks being detected all around the world, the company says.
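For defenders on the receiving end, reflected traffic has a recognisable shape: UDP packets arriving from the source port of the abused service (NTP 123, SSDP 1900, DNS 53). The sketch below is an added example, not Arbor Networks' method; the flow-record layout, the sample records and the 100Mbps alert threshold are assumptions made for illustration. It totals such traffic per destination and reports it in the same Mbps/Kpps terms used in this article.

```python
from collections import defaultdict

# UDP source ports of the reflector services named in the article.
REFLECTOR_PORTS = {123: "NTP", 1900: "SSDP", 53: "DNS"}

# Constructed sample: (src_ip, src_port, dst_ip, proto, bytes, packets)
# seen in one 60-second window. All addresses are documentation ranges.
WINDOW_SECONDS = 60
SAMPLE_FLOWS = [
    ("198.51.100.10", 123, "203.0.113.5", "udp", 4_500_000_000, 9_000_000),
    ("198.51.100.11", 123, "203.0.113.5", "udp", 3_000_000_000, 6_600_000),
    ("198.51.100.20", 1900, "203.0.113.5", "udp", 750_000_000, 2_400_000),
    ("192.0.2.53", 53, "203.0.113.9", "udp", 1_200_000, 2_000),     # ordinary DNS replies
    ("192.0.2.80", 443, "203.0.113.5", "tcp", 90_000_000, 70_000),  # ordinary web traffic
]


def reflection_summary(flows, window_seconds, mbps_threshold=100.0):
    """Per destination, total the UDP traffic arriving from reflector ports
    and report destinations whose rate meets the (assumed) threshold."""
    totals = defaultdict(lambda: {"bytes": 0, "packets": 0,
                                  "sources": set(), "protocols": set()})
    for src_ip, src_port, dst_ip, proto, nbytes, npkts in flows:
        # Reflected replies come *from* the abused service's port.
        if proto != "udp" or src_port not in REFLECTOR_PORTS:
            continue
        entry = totals[dst_ip]
        entry["bytes"] += nbytes
        entry["packets"] += npkts
        entry["sources"].add(src_ip)
        entry["protocols"].add(REFLECTOR_PORTS[src_port])

    report = {}
    for dst_ip, entry in totals.items():
        mbps = entry["bytes"] * 8 / window_seconds / 1e6
        kpps = entry["packets"] / window_seconds / 1e3
        if mbps >= mbps_threshold:
            report[dst_ip] = {
                "mbps": round(mbps, 2),
                "kpps": round(kpps, 2),
                "reflectors": len(entry["sources"]),
                "protocols": sorted(entry["protocols"]),
            }
    return report


if __name__ == "__main__":
    for dst, stats in reflection_summary(SAMPLE_FLOWS, WINDOW_SECONDS).items():
        print(dst, stats)
```

Legitimate NTP and DNS replies also arrive from these ports, so the rate threshold, not the port match alone, is what separates a flood from normal traffic; tune it to the link being protected.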

Arbor Networks' data is gathered through ATLAS, a collaborative partnership with more than 330 service provider customers who share anonymous traffic data in order to deliver a comprehensive, aggregated view of global traffic and threats.

ATLAS collects 120TB/sec of internet traffic and is the source of data for the Digital Attack Map, a visualisation of global DDoS attacks created in collaboration with Google Ideas.
