Buying or Selling IPv4 Addresses?

Watch this video to discover how ACCELR/8, a transformative trading platform developed by industry veterans Marc Lindsey and Janine Goodman, enables organizations to buy or sell IPv4 blocks as small as /20s.

Avenue4 LLCRead Message Promoted Post

Home / Industry

Verisign's Q2'15 DDoS Trends: DDoS for Bitcoin Increasingly Targets Financial Industry

Distributed Denial of Service Trends Report – Verisign provides a unique view into the attack trends unfolding online for the previous quarter, including attack statistics, behavioral trends and future outlook. (Learn More)Verisign just released its Q2 2015 DDoS Trends Report, which provides a unique view into online distributed denial of service (DDoS) attack trends from mitigations enacted on behalf of, and in cooperation with, customers of Verisign DDoS Protection Services and research conducted by Verisign iDefense Security Intelligence Services.

Many notable observations were made, including:

  • Attacks over five Gbps accounted for 18 percent of all attacks, an increase of two percentage points over Q1 2015.
  • Verisign continued to see an upward trend in the number of attacks in Q2 and mitigated 34 percent more attacks in the first half of 2015 than in the first half of 2014.
  • IT Services/Cloud/SaaS customers experienced the largest volume of attacks in Q2, representing over one-third of all attacks.

The most notable observation is that Verisign’s customer base experienced increased activity from the DDoS for Bitcoin (DD4BC) attacker group in the form of ransom threats, some of which culminated into actual DDoS attacks. While most DDoS attacks range between one to five Gbps, Verisign mitigated DDoS attacks by this group peaking at 25 Gbps in July 2015 (outside of the Q2 period). Additionally, almost a third of the DDoS attacks mitigated by Verisign under the one Gbps range were driven in part by the DD4BC campaign and targeted the Financial industry.

Following are additional highlights of trends observed:

  • The largest volumetric attack Verisign defended in Q2 was a User Datagram Protocol (UDP) flood with a mix of Network Time Protocol (NTP) and Simple Service Discovery Protocol (SSDP) traffic that targeted the Media and Entertainment industry and peaked at 82 Gbps and 22 Mpps.
  • The average attack size increased to 5.53 Gbps, 52 percent higher than Q1 2015.
  • Thirty-eight percent of attacks peaked at more than one Gbps and 20 percent of attacks were between one and five Gbps.
  • The primary DDoS attack vector leveraged in Q2 were UDP floods consisting of NTP and SSDP traffic.
  • The Financial (and Payments) sector was the second most targeted industry, making up 22 percent of attacks mitigated by Verisign, up from 18 percent in Q1 2015 and largely driven by the DD4BC attacker group.
  • The Media and Entertainment industry remains a heavily targeted industry, representing 20 percent of all Verisign mitigations in Q2.

Finally, this quarter’s feature article focuses on one of the most prolific cyber-attack stories during Q2: DD4BC, a small group of people (determined by Verisign iDefense to likely be fewer than five) that has conducted extortion operations globally against at least three dozen known targets – and countless unknown – in industries including Banking, Exchanges (Bitcoin specifically) and Gaming. “The DD4BC Threat Campaign” takes a closer look at the tactics, techniques and procedures (TTPs) deployed by the DD4BC operation and explains why company networks are vulnerable.

Verisign

About Verisign – Verisign, a global leader in domain names and internet security, enables internet navigation for many of the world's most recognized domain names and provides protection for websites and enterprises around the world. Verisign ensures the security, stability and resiliency of key internet infrastructure and services, including the .com and .net domains and two of the internet's root servers, as well as performs the root-zone maintainer functions for the core of the internet's Domain Name System (DNS). Visit Page

SHARE THIS POST

If you are pressed for time ...

... this is for you. More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Vinton Cerf, Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Related

Topics

DNS Security

Sponsored byAfilias

Mobile Internet

Sponsored byAfilias

Cybersecurity

Sponsored byVerisign

IP Addressing

Sponsored byAvenue4 LLC

Promoted Post

Buying or Selling IPv4 Addresses?

Watch this video to discover how ACCELR/8, a transformative trading platform developed by industry veterans Marc Lindsey and Janine Goodman, enables organizations to buy or sell IPv4 blocks as small as /20s.