Verisign observed a significant increase in the frequency of DDoS attacks in Q3, representing a 53 percent increase over the previous quarter. In fact, DDoS activity in Q3 increased to the highest it has been in any quarter over the last two years.
For the period starting 1 July-30 Sept, 2015, several customers were hit with long, repeated attacks, some as many as eight times over the course of the quarter, Verisign said.
In terms of size, more than one-third of attacks peaked over 5 Gbps while one in five attacks peaked over 10 Gbps. Fifty-nine percent of attacks peaked at more than 1 Gbps; 20 percent of attacks were greater than 10 Gbps. Verisign saw the average attack size increase to 7.03 Gbps, 27 percent higher than Q2 2015.
For the fourth consecutive quarter, the industry most frequently targeted by DDoS attacks was IT Services/Cloud/SaaS, representing 29 percent of mitigation activity in Q3. Media and Entertainment represented 26 percent of mitigations, followed by financial (15 percent), public sector (13 percent), telecom (12 percent), and e-commerce/online advertising (5 percent).
Continuing the trend of the year, the most common DDoS attack types were Network Time Protocol (NTP), Domain Name System (DNS) and Simple Service Discovery Protocol (SSDP) UDP floods, which accounted for approximately 65 percent of attacks in the quarter. The balance of attacks mitigated were TCP floods (20 percent) and application layer attacks (15 percent).
Operating systems once thought to be more secure against malware and vulnerabilities, like Linux, Mac OS X and iOS, are increasingly becoming the target of bot herders and malware authors, Verisign said in its report.
An analysis of 2014 data from the National Vulnerability Database shows that Apple led the pack in the number of vulnerabilities with 147 for Mac OS X and 127 for the iOS system, followed closely behind by Linux with 119 vulnerabilities. "This year, we’ve seen malicious actors capitalize on this with the emergence of new malware via these operating systems to launch DDoS attacks, phish user credentials and gather other personal information."
Your guide to the latest cricket World Cup stories, analysis, reports, opinions, live updates and scores on https://www.firstpost.com/firstcricket/series/icc-cricket-world-cup-2019.html. Follow us on Twitter and Instagram or like our Facebook page for updates throughout the ongoing event in England and Wales.
Updated Date: Dec 01, 2015 17:03:16 IST