Story image

DDoS attacks on the rise in New Zealand

22 Jul 2015

There is a strong growth in the average size of DDoS attacks, from both a bits-per-second and packets-per-second perspective, according to Arbor Networks’ Q2, 2015 global DDoS attack data.

Of most concern to enterprise networks is the growth in the average attack size, Arbor Networks says.

The largest attack monitored in Q2 was a 196GB/sec UDP flood, a large, but no longer uncommon attack size.

In Q2, 21% of all attacks topped 1GB/sec, while the most growth was seen in the 2-10GB/sec range. However, there was also a significant spike in the number of attacks in the 50 - 100GB/sec range in June.

Average attack size for New Zealand increased significantly to 1.1Gbps/241.95Kpps in Q2 from 430.84Mbps/55.39Kpps in Q1.

“Extremely large attacks grab the headlines, but it is the increasing size of the average DDoS attack that is causing headaches for enterprises around the world,” says Darren Anstee, Arbor Networks chief security technologist.

“Companies need to clearly define their business risk when it comes to DDoS. With average attacks capable of congesting the internet connectivity of many businesses it is essential that the risks and costs of an attack are understood, and appropriate plans, services and solutions put in place,” Anstee says.

New Zealand has higher proportion of attacks of more than 1Gbps compared to APAC. In Q2, New Zealand was 35% versus APAC at just 17%.

The majority of attacks in New Zealand were very short-lived, and approximately 97% were less than one hour.

The average attack duration for New Zealand was just 15 minutes 39 seconds, compared to 23 minutes 46 seconds for Australia and 39 minutes and 53 seconds for APAC.

The proportion of attacks that lasted longer than 12 hours was less than 0.1% for New Zealand in Q2.

The top three sources for attacks on New Zealand in Q2 were China 6%, US 6%  and NZ 1%.

Globally 50% of reflection attacks in Q2 targeted UDP port 80 (HTTP/U) - Port 80 is also the leading target for attacks in New Zealand, but only 18% of attacks targeted it.

Reflection amplification is a technique that allows an attacker to both magnify the amount of traffic they can generate, and obfuscate the original sources of that attack traffic.

This technique relies on the fact that many service providers still do not implement filters at the edge of their network to block traffic with a ‘forged’ (spoofed) source IP address, and the many poorly configured and protected devices on the internet providing UDP services that offer an amplification factor between a query sent to them and the response which is generated, says Arbor Networks.

The majority of very large volumetric attacks leverage a reflection amplification technique using the Network Time Protocol (NTP), Simple Service Discovery Protocol (SSDP) and DNS servers, with large numbers of significant attacks being detected all around the world, the company says.

Arbor Networks' data is gathered through ATLAS, a collaborative partnership with more than 330 service provider customers who share anonymous traffic data in order to deliver a comprehensive, aggregated view of global traffic and threats.

ATLAS collects 120TB/sec of internet traffic and is the source of data for the Digital Attack Map, a visualisation of global DDoS attacks created in collaboration with Google Ideas.

61% of CIOs believe employees leak data maliciously
Egress conducted a survey to examine the root causes of employee-driven data breaches, their frequency, and impact.
VMware allures APJ channel veteran to take the reins
Balasingam will take on the role of vice president for VMware’s partner business in Asia Pacific and Japan (APJ).
Security top priority for Filipinos when choosing a bank - Unisys
Filipinos have greatest appetite in Asia Pacific to use biometrics to access banking services
Opinion: Modular data centers mitigate colocation construction risks
Schneider's Matthew Tavares believes modular data centers are key for colocation providers seeking a competitive advantage with rapid deployment.
Alibaba Cloud opening up data centres & services for AU businesses
At its dedicated China Gateway Summit held in Sydney, Alibaba Cloud announced its new programme for Australian business partners and clients.
VMware announces new features in WMware Cloud, Dell EMC integrations
VMware announced VMware Cloud Foundation 3.7 is expected to be available on Dell EMC VxRail in VMware’s Q1FY20.
Developing APAC countries most vulnerable to malware - Microsoft
“As cyberattacks continue to increase in frequency and sophistication, understanding prevalent cyberthreats and how to limit their impact has become an imperative.”
Dropbox invests in hosting data inside Australia
Global collaboration platform Dropbox has announced it will now host Australian customer files onshore to support its growing base in the country.