After winning seven gold medals at the 1972 Olympics, setting new world records in each event, American swimming star Mark Spitz famously said “records are meant to be broken.” He was referring, of course, to achievements which should be celebrated – and not to notorious records like one set in 2015: the largest DDoS (Distributed Denial of Service) attack ever recorded.
Unfortunately, Spitz’s comment probably applies to the new DDoS record as well: there’s no sign that the size of blunt force attacks on computer servers will drop or even stabilize anytime soon. We are ready at our end to offer DDoS protection to our clients if they do face a large attack.
The 500 Gbps Attack
Word of the largest DDoS attack on record, 500 Gbps, came in the annual survey of 354 Internet hosts and service providers conducted by Arbor Networks, a large online security solutions company. No other specifics about the attack were provided, other than that it was reported by a third party and that a complete analysis has not yet been done. So it’s not known exactly what types of services or servers were hit or how long the assault lasted.
The 500 Gbps DDoS was nearly double the size of the attack believed to be the previous “record holder,” the infamous 300 Gbps blast conducted by a British teenager against Spamhaus in 2013. Even if the new, enormous attack hadn’t happened, a new record would still have been set: Arbor Networks reports that there were also DDoS attacks of 450 Gbps, 425 Gbps and 337 Gbps during the year.
The report says the data highlight a notable surge in high-end DDoS forays against providers. For 2015, almost 25% of survey respondents said they’d been the targets of attacks over 100 Gbps in size; in 2014, the “highlight” of the peak attack data had been that 20% had suffered DDoS attacks above 50 Gbps. It’s an obvious, and troubling, trend.
Types and Motives of DDoS Attacks
The Arbor Networks survey contained several other noteworthy results.
The number and severity of application-layer attacks, targeting network components like DNS servers rather than just web servers, are on the rise. Nearly every survey respondent said they had been subject to application-layer assaults over the last year, resulting in client outages for one-third of the providers as opposed to only one-quarter of them in 2014. Arbor Networks also says that simultaneous, multi-vector attacks against services, applications and infrastructures are more common than ever, although brute-force amplification and reflection DDoS attacks against Network Time Protocol (NTP) servers remain “popular” among hackers. Attackers are also targeting cloud servers more than in previous years, up by 33% in 2015.
Two final items from the survey worth considering: the primary motivation for DDoS attacks seems to be shifting from vandalism or activist causes to pure financial extortion of the victims, and more than 50% of all respondents say that DDoS issues have caused their Internet connectivity to be completely saturated and their inline firewalls overcome. The report didn’t draw a firm conclusion, but it seems obvious that much more needs to be done by Internet service providers and hosts in the areas of DDoS protection and mitigation in the coming years.