​DDoS attacks in Australia are shorter but bigger: Arbor Networks

DDoS attackers are using shorter bursts of activity to infiltrate servers and networks in a large way, compared to the rest of DDoS attacks in Asia-Pacific.

Arbor Networks' first-quarter Active Threat Level Analysis System (ATLAS) report on distributed denial-of-service (DDoS) attacks showed that Australia experienced a shorter duration of DDoS attack activity, but that the attacks were greater in scale, in comparison to the rest of Asia-Pacific.

Arbor Networks found that the attack length in Australia during the first quarter of 2015 was 22 minutes, versus 46 minutes in Asia-Pacific. As a result, the majority of attacks were so short lived that 96 percent lasted less than one hour, compared to Asia-Pacific, where 90 percent of attacks lasted less than an hour.

However, the average size of DDoS attacks in Australia was 1.25Gbps; approximately twice as big as the average attack recorded in Asia-Pacific.

"The short duration of attacks reported in Q1 is interesting. Short bursts of DDoS attack activity require automated defences to protect against them," said Nick Race, Australia country manager for Arbor Networks.

"Operators in Australia absolutely should take note. On-premise DDoS protection is essential for both detection and mitigation of attacks, enabling bad traffic to be scrubbed in an immediate and automated fashion."

According to Arbor Networks, attackers leveraged reflection amplification techniques on network time protocol, simple service discovery protocol (SSDP), and DNS servers.

In Australia, SSDP topped the list for most common individual reflection attack in the first quarter, with the largest reported at 26Gbps. But the largest individual attack was an NTP reflection attack that was recorded at 51Gbps.