Denial of Service Attacks Overwhelmingly Target Financial Services: Verisign

“Overall, DDoS attacks remain unpredictable and vary widely in terms of speed and complexity.”

Graphic from Verisign’s Distributed Denial of Service Trends Report

In the first three months of 2018, financial services accounted for 57% of DDoS attacks, more than double the next closest category, IT Services/Cloud/SaaS (26%), and more than triple telecoms (17%).

The Distributed Denial of Service Trends Report for the first quarter of 2018 from Reston, Va.-based Verisign also observed an increase in the size and number of attacks, with a 53% increase compared with the last quarter of 2017, and 74% of DDoS attacks exceeding 1 gigabit per second. Year over year, the average attack peak size decreased 21%.

A DDoS assault happens when multiple systems overwhelm a besieged system. Such an attack frequently overruns the targeted system with traffic, making the online service unavailable to users. Verisign observed attacks targeting networks at multiple layers and attack types that changed over the course of a DDoS event. “Multi-vector DDoS attacks require continuous monitoring to detect shifts in vectors as well as expert mitigation management to adapt countermeasures in response to the shifts,” Verisign strongly suggested.

Verisign additionally observed that 67% of its customers who experienced DDoS attacks in the first quarter of 2018 received multiple hits during the quarter. “Overall, DDoS attacks remain unpredictable and vary widely in terms of speed and complexity,” the report said.

The largest volumetric and highest intensity DDoS attack observed by Verisign in the first quarter of 2018 was a multi-vector attack that peaked at approximately 70 Gbps and 7.4 million packets per second. This attack initially sent a flood of traffic for about thirty minutes that peaked at 10 Gbps. The attack returned thirty minutes later and sent another wave of traffic peaking at 70 Gbps and 7.4 Mpps. The attack consisted of a wide range of attack vectors including TCP SYN and TCP RST floods, DNS and SNMP amplification attacks, ICMP floods and invalid packets.

Verisign revealed 50% of DDoS attacks were User Datagram Protocol (UDP) floods. TCP-based attacks were the second most common attack vector, making up 26 percent of attack types in the quarter. Fifty-eight percent of DDoS attacks mitigated by Verisign in Q1 2018 employed multiple attack types.

The most common UDP floods included Domain Name System, Network Time Protocol, Lightweight Directory Access Protocol, Simple Network Management Protocol and Memcached reflective amplification attacks.

Verisign observed the emergence of memcached reflection and amplification attacks. Unsecured memcached servers left exposed on the internet can be abused when an attacker sends UDP-based packets spoofed with the victim’s IP address to the unsecured memcached server, which then sends its response to the victim. The memcached server response can be 51,000 times the size of the request, allowing for massive amplification in this volumetric DDoS threat.
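The monitoring Verisign recommends for multi-vector events can be sketched as follows. This is an added example, not code from the report: it labels inbound flow records by vector (reflected UDP replies are recognised by the abused service's standard source port) and reports when the dominant vectors shift between time windows. The record fields, window size and share threshold are assumptions, and the sample flows are constructed.

```python
from collections import Counter, defaultdict

# Standard UDP ports of the reflection services named in the report.
REFLECTOR_PORTS = {53: "DNS", 123: "NTP", 161: "SNMP", 389: "LDAP", 11211: "memcached"}

def classify(flow):
    """Label one inbound flow record with the attack vector it most resembles."""
    if flow["proto"] == "udp":
        # Reflected replies arrive *from* the abused service's port.
        service = REFLECTOR_PORTS.get(flow["src_port"])
        return f"{service} reflection" if service else "UDP other"
    if flow["proto"] == "tcp":
        flags = flow.get("flags", "")
        if flags == "S":
            return "TCP SYN"
        return "TCP RST" if "R" in flags else "TCP other"
    return "ICMP" if flow["proto"] == "icmp" else "other"

def vectors_by_window(flows, window=60, min_share=0.2):
    """Map each window start to the vectors carrying >= min_share of its bytes."""
    volume = defaultdict(Counter)
    for flow in flows:
        volume[flow["ts"] // window * window][classify(flow)] += flow["bytes"]
    active = {}
    for start in sorted(volume):
        total = sum(volume[start].values())
        active[start] = {v for v, b in volume[start].items() if b >= min_share * total}
    return active

def vector_shifts(active):
    """List (window_start, added, dropped) each time the active vector set changes."""
    shifts, prev = [], None
    for start, vectors in active.items():
        if prev is not None and vectors != prev:
            shifts.append((start, vectors - prev, prev - vectors))
        prev = vectors
    return shifts

# Constructed sample: flows toward one protected address (hypothetical schema).
SAMPLE_FLOWS = [
    {"ts": 0, "proto": "tcp", "src_port": 40001, "flags": "S", "bytes": 6000},
    {"ts": 10, "proto": "udp", "src_port": 53, "bytes": 4000},
    {"ts": 65, "proto": "udp", "src_port": 53, "bytes": 3000},
    {"ts": 70, "proto": "udp", "src_port": 11211, "bytes": 90000},
    {"ts": 130, "proto": "udp", "src_port": 11211, "bytes": 80000},
    {"ts": 140, "proto": "tcp", "src_port": 40002, "flags": "R", "bytes": 30000},
]

if __name__ == "__main__":
    for start, added, dropped in vector_shifts(vectors_by_window(SAMPLE_FLOWS)):
        print(f"t={start}s new={sorted(added)} gone={sorted(dropped)}")
```

Each reported shift is a point where countermeasures tuned to the earlier vectors would need to be re-evaluated.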