The industry categories most frequently targeted by DDoS attacks were IT services/cloud/SaaS, representing 32% of mitigation activity in Q4 2015; and media and entertainment, representing 30% of all mitigations. Also heavily targeted were the financial and public sectors, representing 15% and 10% of all mitigations and averaging 2.8 gigabits per second and 2.5 Gbps in attack size, respectively. Attack sizes in the e-commerce and telecommunications sectors were large compared to other industries, averaging 12.7 Gbps and 11.9 Gbps, respectively.

For the time period beginning Oct. 1, 2015 and ending Dec. 31, 2015, Verisign observed the following key trends and events:

• Verisign mitigated 85% more attacks in Q4 2015 compared to Q4 2014, and 15% more attacks compared to Q3 2015.
• The fastest flood attack mitigated by Verisign occurred in Q4 2015, sending 125 million packets per second, and driving a volumetric DDoS attack of 65 Gbps.
• The average attack size observed by Verisign continues to be high at 6.88 Gbps, with nearly a third of attacks peaking at more than five Gbps.
• The most common attacks Verisign mitigated were User Datagram Protocol floods, including Network Time Protocol, Domain Name System and Simple Service Discovery Protocol floods, which collectively accounted for approximately 75% of attacks in Q4 2015. In UDP floods, the attacker overwhelms random ports. The remaining portion of attacks mitigated consisted of TCP floods (15%) and application layer attacks (10%).
• Some of the Internet's Domain Name System root name servers, including the A- and J-root servers operated by Verisign, were DDoS attack targets. The DNS root zone is the top-level DNS zone in the hierarchical namespace of the Internet.
• In terms of attack size, more than 62% of attacks mitigated by Verisign peaked at more than one Gbps and almost one third peaked at more than five Gbps.

Attacks mitigated by Verisign in Q4 2015 yielded an average peak size of 6.88 Gbps, which was consistent with trends from the last two years. The largest volumetric attack Verisign defended in Q4 2015 was a multi-vector attack targeting the telecommunications industry, which peaked at 65 Gbps and 125 Mpps.

"The 125 Mpps flood is one of the most packets per second floods ever observed by Verisign, surpassing the previous flood of 91 Mpps mitigated by Verisign in Q2 2014," the firm revealed. "This attack, aimed at disrupting critical network services, consisted of multiple short bursts in DDoS traffic and continued intermittently for several weeks."

A separate study, The Verisign iDefense 2016 Cyberthreats and Trends Report, disclosed the growing reliance on the connected digital world for a variety of business tasks has forced professional security practitioners to accept an increasingly stark reality.

"Attackers are no longer interested solely in taking down large enterprise networks or just stealing data, nor are they limited by their own ingenuity and skill," the report stated.

In addition, collectives such as TeamBudyBear25 and OurMine26 conducted malicious attacks – most frequently DDoS-based – against a range of targets, including members of the online gaming industry as well as financial institutions, government organizations and other industries.