Story image

DDoS attacks on the rise in New Zealand

22 Jul 15

There is a strong growth in the average size of DDoS attacks, from both a bits-per-second and packets-per-second perspective, according to Arbor Networks’ Q2, 2015 global DDoS attack data.

Of most concern to enterprise networks is the growth in the average attack size, Arbor Networks says.

The largest attack monitored in Q2 was a 196GB/sec UDP flood, a large, but no longer uncommon attack size.

In Q2, 21% of all attacks topped 1GB/sec, while the most growth was seen in the 2-10GB/sec range. However, there was also a significant spike in the number of attacks in the 50 - 100GB/sec range in June.

Average attack size for New Zealand increased significantly to 1.1Gbps/241.95Kpps in Q2 from 430.84Mbps/55.39Kpps in Q1.

“Extremely large attacks grab the headlines, but it is the increasing size of the average DDoS attack that is causing headaches for enterprises around the world,” says Darren Anstee, Arbor Networks chief security technologist.

“Companies need to clearly define their business risk when it comes to DDoS. With average attacks capable of congesting the internet connectivity of many businesses it is essential that the risks and costs of an attack are understood, and appropriate plans, services and solutions put in place,” Anstee says.

New Zealand has higher proportion of attacks of more than 1Gbps compared to APAC. In Q2, New Zealand was 35% versus APAC at just 17%.

The majority of attacks in New Zealand were very short-lived, and approximately 97% were less than one hour.

The average attack duration for New Zealand was just 15 minutes 39 seconds, compared to 23 minutes 46 seconds for Australia and 39 minutes and 53 seconds for APAC.

The proportion of attacks that lasted longer than 12 hours was less than 0.1% for New Zealand in Q2.

The top three sources for attacks on New Zealand in Q2 were China 6%, US 6%  and NZ 1%.

Globally 50% of reflection attacks in Q2 targeted UDP port 80 (HTTP/U) - Port 80 is also the leading target for attacks in New Zealand, but only 18% of attacks targeted it.

Reflection amplification is a technique that allows an attacker to both magnify the amount of traffic they can generate, and obfuscate the original sources of that attack traffic.

This technique relies on the fact that many service providers still do not implement filters at the edge of their network to block traffic with a ‘forged’ (spoofed) source IP address, and the many poorly configured and protected devices on the internet providing UDP services that offer an amplification factor between a query sent to them and the response which is generated, says Arbor Networks.

The majority of very large volumetric attacks leverage a reflection amplification technique using the Network Time Protocol (NTP), Simple Service Discovery Protocol (SSDP) and DNS servers, with large numbers of significant attacks being detected all around the world, the company says.

Arbor Networks' data is gathered through ATLAS, a collaborative partnership with more than 330 service provider customers who share anonymous traffic data in order to deliver a comprehensive, aggregated view of global traffic and threats.

ATLAS collects 120TB/sec of internet traffic and is the source of data for the Digital Attack Map, a visualisation of global DDoS attacks created in collaboration with Google Ideas.

Lenovo DCG moves Knight into A/NZ general manager role
Knight will now relocate to Sydney where he will be tasked with managing and growing the company’s data centre business across A/NZ.
The key to financial institutions’ path to digital dominance
By 2020, about 1.7 megabytes a second of new information will be created for every human being on the planet.
Is Supermicro innocent? 3rd party test finds no malicious hardware
One of the larger scandals within IT circles took place this year with Bloomberg firing shots at Supermicro - now Supermicro is firing back.
Record revenues from servers selling like hot cakes
The relentless demand for data has resulted in another robust quarter for the global server market with impressive growth.
Opinion: Critical data centre operations is just like F1
Schneider's David Gentry believes critical data centre operations share many parallels to a formula 1 race car team.
MulteFire announces industrial IoT network specification
The specification aims to deliver robust wireless network capabilities for Industrial IoT and enterprises.
Google Cloud, Palo Alto Networks extend partnership
Google Cloud and Palo Alto Networks have extended their partnership to include more security features and customer support for all major public clouds.
DigiCert conquers Google's distrust of Symantec certs
“This could have been an extremely disruptive event to online commerce," comments DigiCert CEO John Merrill.