Largest DDoS recorded in 2015 hits 500gbps

Researchers at Arbor Networks say the largest DDoS attack it recorded in 2015 reached 500gbps, up from a 400Gbps peak recorded in 2014. 

The firm interviewed 354 global network operators from the US, Canada, Latin America, Europe, Middle East, Africa, Asia Pacific and Oceania.

Many respondents from enterprises and data centres said that as a result of a DDoS attack, firewall and IPS devices had failed. Around half of surveyed data centres suffered DDoS attacks which maxed out their entire internet bandwidth – an increase from 33 percent last year.

DDoS attacks on DNS servers were up from 17 percent last year to 30 percent this year. 

Attacks on cloud-based services were shown to be up by a third over the previous year.

According to the report, the top motivation behind DDoS attacks is “criminals demonstrating attack capabilities,” with “gaming” and “criminal extortion attempts” in second and third place respectively.

“A growing proportion of respondents are seeing DDoS attacks being used as a distraction for either malware infiltration or data exfiltration. This year, 26 percent see this as a common or very common motivation, up from 19 percent last year,” said the report.

“A constantly evolving threat environment is an accepted fact of life for survey respondents,” said Arbor Networks chief security technologist Darren Anstee.

Richard Cassidy, technical director EMEA at Alert Logic, told SCMagazineUK.com that cyber-criminals are becoming increasingly effective at compromising poorly protected cloud services, adding to their BOTNET coverage.

He pointed out their bandwidth capability is in most cases substantially higher (10Gbps+) than traditionally compromised on-premise infrastructures that would have average uplink speeds of around 25-75mbps.

“This means that botnet coverage rates don't need to have the spread they used to.

"For example, when launching an attack of 100gbps plus, you might only need five to ten cloud-hosted environments to reach the required bandwidth levels, as opposed to thousands of machines across hundreds of compromised organisations, under legacy DDoS approaches,” he said.

“In the end this means that cyber-criminals have the ability to do a great deal more damage, far more quickly than ever before and if they're shut down via one source of attack through DDoS mitigation tools, they can switch to a new set of sources very quickly to sustain the threat to a high degree of success."

This article originally appeared at scmagazineuk.com