2014 DDoS attacks: Heavier and in higher volume

According to new research, the first half of 2014 has seen the most volumetric DDoS attacks on record.


The first half of 2014 has seen the most volumetric DDoS attacks on record, making the attack events heavier and more difficult for corporations to cope with.

According to the Q2 ATLAS report released by Arbor Networks, there has been double the number of DDoS events reaching over 20Gbps in comparison to 2013, and over 100 events at 100Gbps have been recorded this year.

The DDoS and advanced threat protection solutions provider's ATLAS research is conducted through anonymous traffic data shared by approximately 300 service provider customers. This data is then aggregated and analyzed to provide an outlook on today's global traffic and threats. Arbor Networks says that ATLAS collects statistics that represent 90TB/sec of Internet traffic and this data is used for the Digital Attack Map, a visualisation of global attack traffic created in collaboration with Google Ideas.

In the first half of the year, the most volumetric DDoS attacks on record were recorded, with more than 100 events over 100GB/sec reported so far. By June, double the number of events over 20GB/sec in comparison to the total of last year were detected. The largest reported attack in Q2 was 154.69GB/sec, and the NTP reflection attack was launched against a Spanish target.

NTP reflection DoS cyberattacks, which use address spoofing to overwhelm a target with requests, were prevalent at the beginning of the year. While still significant, the size and scope of NTP reflection attacks are down in comparison to Q1 2014. Average NTP traffic volumes are falling back globally.

"Following on from the storm of NTP reflection attacks in Q1 volumetric DDoS attacks continued to be a problem well into the second quarter, with an unprecedented 100 attacks over 100GB/sec reported so far this year. We've also already seen more than twice the number of attacks over 20GB/sec than we saw in the whole of last year,” said Arbor Networks Director of Solutions Architects Darren Anstee.

"The frequency of very large attacks continues to be an issue, and organisations should take an integrated, multi-layered approach to protection. Even organisations with significant amounts of Internet connectivity can now see that capacity exhausted relatively easily by the attacks that are going on out there."

See more detailed findings here.