Home / Industry

Verisign's Q2'15 DDoS Trends: DDoS for Bitcoin Increasingly Targets Financial Industry

Distributed Denial of Service Trends Report – Verisign provides a unique view into the attack trends unfolding online for the previous quarter, including attack statistics, behavioral trends and future outlook. (Learn More)Verisign just released its Q2 2015 DDoS Trends Report, which provides a unique view into online distributed denial of service (DDoS) attack trends from mitigations enacted on behalf of, and in cooperation with, customers of Verisign DDoS Protection Services and research conducted by Verisign iDefense Security Intelligence Services.

Many notable observations were made, including:

  • Attacks over five Gbps accounted for 18 percent of all attacks, an increase of two percentage points over Q1 2015.
  • Verisign continued to see an upward trend in the number of attacks in Q2 and mitigated 34 percent more attacks in the first half of 2015 than in the first half of 2014.
  • IT Services/Cloud/SaaS customers experienced the largest volume of attacks in Q2, representing over one-third of all attacks.

The most notable observation is that Verisign’s customer base experienced increased activity from the DDoS for Bitcoin (DD4BC) attacker group in the form of ransom threats, some of which culminated into actual DDoS attacks. While most DDoS attacks range between one to five Gbps, Verisign mitigated DDoS attacks by this group peaking at 25 Gbps in July 2015 (outside of the Q2 period). Additionally, almost a third of the DDoS attacks mitigated by Verisign under the one Gbps range were driven in part by the DD4BC campaign and targeted the Financial industry.

Following are additional highlights of trends observed:

  • The largest volumetric attack Verisign defended in Q2 was a User Datagram Protocol (UDP) flood with a mix of Network Time Protocol (NTP) and Simple Service Discovery Protocol (SSDP) traffic that targeted the Media and Entertainment industry and peaked at 82 Gbps and 22 Mpps.
  • The average attack size increased to 5.53 Gbps, 52 percent higher than Q1 2015.
  • Thirty-eight percent of attacks peaked at more than one Gbps and 20 percent of attacks were between one and five Gbps.
  • The primary DDoS attack vector leveraged in Q2 were UDP floods consisting of NTP and SSDP traffic.
  • The Financial (and Payments) sector was the second most targeted industry, making up 22 percent of attacks mitigated by Verisign, up from 18 percent in Q1 2015 and largely driven by the DD4BC attacker group.
  • The Media and Entertainment industry remains a heavily targeted industry, representing 20 percent of all Verisign mitigations in Q2.

Finally, this quarter’s feature article focuses on one of the most prolific cyber-attack stories during Q2: DD4BC, a small group of people (determined by Verisign iDefense to likely be fewer than five) that has conducted extortion operations globally against at least three dozen known targets – and countless unknown – in industries including Banking, Exchanges (Bitcoin specifically) and Gaming. “The DD4BC Threat Campaign” takes a closer look at the tactics, techniques and procedures (TTPs) deployed by the DD4BC operation and explains why company networks are vulnerable.


About Verisign – Verisign, a global leader in domain names and internet security, enables internet navigation for many of the world's most recognized domain names and provides protection for websites and enterprises around the world. Verisign ensures the security, stability and resiliency of key internet infrastructure and services, including the .com and .net domains and two of the internet's root servers, as well as performs the root-zone maintainer functions for the core of the internet's Domain Name System (DNS). Learn More

Related topics: Cyberattack, Cybercrime, Cybersecurity, DDoS, Networks


Don't miss a thing – get the Weekly Wrap delivered to your inbox.

Related Blogs

Related News

Explore Topics

Dig Deeper


Sponsored by Verisign

IP Addressing

Sponsored by Avenue4 LLC

Mobile Internet

Sponsored by Afilias Mobile & Web Services

DNS Security

Sponsored by Afilias

Promoted Posts

Buying or Selling IPv4 Addresses?

Discover ACCELR/8, a transformative IPv4 market solution developed by industry veterans Marc Lindsey and Janine Goodman that enables organizations buying or selling blocks as small as /20s. more»

Industry Updates – Sponsored Posts

Verisign Named to the Online Trust Alliance's 2017 Audit and Honor Roll

Attacks Decrease by 23 Precent in 1st Quarter While Peak Attack Sizes Increase: DDoS Trends Report

Leading Internet Associations Strengthen Cooperation

Verisign Releases Q4 2016 DDoS Trends Report: 167% Increase in Average Peak Attack from 2015 to 2016

Verisign Q3 2016 DDoS Trends Report: User Datagram Protocol (UDP) Flood Attacks Continue to Dominate

2016 U.S. Election: An Internet Forecast

Government Guidance for Email Authentication Has Arrived in USA and UK

ValiMail Raises $12M for Its Email Authentication Service

Don't Gamble With Your DNS

Defending Against Layer 7 DDoS Attacks

Understanding the Risks of the Dark Web

New TLD? Make Sure It's Secure

Verisign Releases Q2 2016 DDoS Trends Report - Layer 7 DDoS Attacks a Growing Trend

How Savvy DDoS Attackers Are Using DNSSEC Against Us

Facilitating a Trusted Web Space for Financial Service Professionals

MarkMonitor Partners with CYREN to Deepen Visibility into Global Phishing Attacks

Verisign Named to the Online Trust Alliance's 2016 Honor Roll

Verisign Q1 2016 DDoS Trends: Attack Activity Increases 111 Percent Year Over Year

Is Your TLD Threat Mitigation Strategy up to Scratch?

Mobile Web Intelligence Report: Bots and Crawlers May Represent up to 50% of Web Traffic