The size and scale of DDoS attacks are rapidly increasing thanks to free tools which eradicate the need for technical knowledge, researchers say.
According to Arbor Networks, over the first six months of 2016, there has been a surge in the frequency and power of distributed denial-of-service (DDoS) attacks, with the most extreme attack reaching 579Gbps.
DDoS attacks are a common way to disrupt businesses and online services. Traffic floods a system with requests, overloading the service and preventing legitimate traffic from getting through. These attacks can be costly in lost revenue and frustrated users, but they rarely cause any serious damage to the infrastructure itself.
Data released by the group on Tuesday claims that there is now an average of 124,000 DDoS attacks per week taking place, based on information gathered over the last 18 months.
The US, China, and Korea are the top targets for DDoS attacks, while the US, France, and the UK are the top targets for attacks over 10Gbps. However, this attack scale is small in comparison to some of the most devastating salvos launched against businesses in recent times.
In the first six months of 2016, 274 attacks reaching over 100Gbps were recorded, versus 223 in the full 2015 calendar year. In addition, 46 attacks over 200Gbps have been discovered this year in comparison to 16 in 2015.
The most powerful attack reached 579Gbps, a jump of 73 percent in peak attack size over 2015 records.
“DDoS remains a commonly used attack type due to the ready availability of free tools and inexpensive online services that allow anyone with a grievance and an internet connection to launch an attack,” the report says. “This has led to an increase in both the frequency, size and complexity of attacks in recent years.”
Unfortunately for most businesses, a 1Gbps DDoS attack is often enough to throw them offline, resulting in service disruption and lost income. The average attack size between January and June this year was 986Mbps — a 30 percent increase over 2015 — and the average attack size is projected to reach 1.15Gbps by the end of this year.
Reflection amplification is a technique threat actors use to magnify the traffic directed at a target and to camouflage where that traffic originated. Many attackers apply it through DNS servers, Network Time Protocol (NTP), Chargen, and Simple Service Discovery Protocol (SSDP). In 2016, DNS has become the most prevalent protocol, and the strongest DNS-based attack monitored reached 480Gbps.
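From the defender's side, reflected traffic reaches the target as UDP replies whose source port belongs to one of the services named above, sent by many different hosts. The sketch below is an added example, not taken from the Arbor report; the flow-record layout, sample records and thresholds are constructed assumptions.

```python
from collections import defaultdict

# Well-known UDP source ports of the reflector services named in the article.
REFLECTOR_PORTS = {53: "DNS", 123: "NTP", 19: "Chargen", 1900: "SSDP"}

# Constructed sample flow records: (src_ip, src_port, dst_ip, protocol, bytes).
SAMPLE_FLOWS = [
    ("198.51.100.10", 53, "203.0.113.5", "udp", 420_000),
    ("198.51.100.11", 53, "203.0.113.5", "udp", 390_000),
    ("198.51.100.12", 53, "203.0.113.5", "udp", 450_000),
    ("198.51.100.20", 123, "203.0.113.5", "udp", 90_000),
    ("192.0.2.53", 53, "203.0.113.9", "udp", 1_200),     # ordinary resolver reply
    ("192.0.2.80", 443, "203.0.113.5", "tcp", 800_000),  # normal web traffic
]


def find_reflection_floods(flows, min_bytes=1_000_000, min_sources=3):
    """Flag destinations receiving heavy UDP traffic from a reflector
    service port spread across many distinct source hosts.

    The thresholds are illustrative assumptions; derive real ones from
    the network's own baseline.
    """
    totals = defaultdict(int)
    sources = defaultdict(set)
    for src_ip, src_port, dst_ip, proto, nbytes in flows:
        service = REFLECTOR_PORTS.get(src_port)
        if proto != "udp" or service is None:
            continue  # not a reply from one of the reflector services
        key = (dst_ip, service)
        totals[key] += nbytes
        sources[key].add(src_ip)

    alerts = []
    for (target, service), total in sorted(totals.items()):
        reflectors = len(sources[(target, service)])
        if total >= min_bytes and reflectors >= min_sources:
            alerts.append({"target": target, "service": service,
                           "bytes": total, "reflectors": reflectors})
    return alerts


if __name__ == "__main__":
    for alert in find_reflection_floods(SAMPLE_FLOWS):
        print(alert)
```

Requiring several distinct sources keeps a single busy resolver or time server from raising an alert on its own.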
However, not all attacks require reflection amplification. For example, LizardStresser, a subscription-based DDoS tool created by Lizard Squad, has been used to target everything from gamers to government institutions in attacks reaching 400Gbps.
Darren Anstee, Arbor Networks Chief Security Technologist, commented:
“High bandwidth attacks can only be mitigated in the cloud, away from the intended target. However, despite massive growth in attack size at the top end, 80 percent of all attacks are still less than 1Gbps and 90 percent last less than one hour.
On-premise protection provides the rapid reaction needed and is key against “low and slow” application-layer attacks, as well as state exhaustion attacks targeting infrastructure such as firewalls and IPS.”
Sometimes, just the threat of a crippling DDoS on a business is enough. In April, researchers estimated that threat group Armada Collective had earned at least $100,000 by simply sending emails to businesses threatening to launch debilitating attacks unless they paid a “protection fee” to stop the attacks going forward.