SlideShare a Scribd company logo

Q1 2017 DDoS Threat Report: Attackers Don't Go on Vacation During Holidays

Andrey Apuhtin
Andrey Apuhtin

This document provides a summary of DDoS attack trends in Q1 2017 according to Nexusguard's analysis. Key findings include a 380% increase in attacks compared to the previous year, with unusually large attacks on holidays such as Chinese New Year and Valentine's Day. HTTP floods became the most common attack vector. The US was the top source of attacks globally, while China was the top source in the Asia-Pacific region. Larger and more complex multi-vector attacks targeting both volumetric and application layers became more common.

Software
1 of 13
Download to read offline
Distributed Denial of Service (DDoS) Threat Report Q1 2017 Threat Report Global Leader in DDoS Mitigation nexusguard.com456 Montgomery Street, Suite 800 San Francisco, CA 94104 USA | +1 415 299 8550
2 Contents 1. Methodology . . . . . . . . . . . . . . . . . . . 3 2. Key Observations for Q1 2017 . . . . . . . . . . . . . . . 4 5. Conclusions . . . . . . . . . . . . . . . . . . . 12 3. Quarterly Focus: Attackers Don’t Go on Vacation During Holidays . . . . . 5 3.1 Holidays Are No Longer Peaceful . . . . . . . . . . . . . . . . . . . 5 3.2 A New Years Nightmare . . . . . . . . . . . . . . . . . . . 5 3.3 Heavy Hits on the Day of Romance . . . . . . . . . . . . . . . 5 3.4 Attack Frequency Changes . . . . . . . . . . . . . . . 6 nexusguard.com 4. DDoS Activities . . . . . . . . . . . . . . . . . . . 7 4.1 Types of Vectors . . . . . . 7 4.2 Quantity of Attack Vectors . . . . . . 8 4.3 Attack Duration . . . . . . 8 4.4 Attack Size Distribution . . . . . . 9 4.5 Global Attack Source Distribution . . . . . . 9 4.6 APAC Attack Source Distribution . . . . . . 10 4.7 Reflective DDoS Attacks by Autonomous System Number (ASN) . . . . . . 11
1. Methodology As the global leader in Distributed Denial of Service (DDoS) attack mitigation, Nexusguard observes and collects real-time data on threats facing enterprise and service-provider networks worldwide. Data is gathered via botnet scanning, Honeypots, ISPs, and traffic moving between attackers and their targets. The analysis conducted by Nexusguard and our research partner, attackscape.com (https://www.attackscape.com/), identifies vulnerabilities and measures attack trends worldwide to provide a comprehensive view of DDoS threats. Attacks and hacking activities exert a sizeable impact on cybersecurity. Because of the comprehensive, global nature of our data sets and observations, Nexusguard is able to evaluate DDoS events in a manner that is not biased by any single set of customers or industries. Many zero-day threats are first seen on our global research network. These threats, among others, are summarized in our quarterly reports. 3 nexusguard.com
4 2. Key Observations for Q1 2017 • In Q1 2017, the number of DDoS attacks observed by Nexusguard registered a 380% year-on-year growth, suggesting that DDoS attacks occurred more frequently than the same period a year ago. It can be concluded that the impact of seasonal factors on attack frequency has become less apparent. • Uncommonly fierce attacks were observed in Q1 2017 — much more so than in preceding quarters. An enormous 275Gbps attack took place during Valentine’s Day and a lengthy attack spanning 4,060 minutes occurred over the Chinese New Year. • The percentage of days with sizeable attacks (larger than 10Gbps) grew considerably between January (48.39%) and March (64.29%). • HTTP attack counts and total attack counts increased over Q4 2016 by 147.13% and 37.59% respectively. nexusguard.com
5 3. Quarterly Focus: Attackers Don’t Go on Vacation During Holidays 3.1 Holidays Are No Longer Peaceful Prior to 2017, attacks were not common in the year’s first quarter. This year, however, the magnitude and frequency of attacks reached an unprecedented level. Two attacks with the largest size and duration ever were tracked during Q1 holidays in APAC and the West. 3.2 A New Years Nightmare In APAC, a lengthy attack January 28-31, the period of Chinese New Year, lasted 2 days, 19 hours, and 40 minutes. It was a widespread, disruptive event that left celebrants weary and exhausted upon returning to work. 3.3 Heavy Hits on the Day of Romance In the West, an attack over Valentine’s Day (February 14-15) lasting 21 hours and 31 minutes spiked up to 275.77Gbps. It was an unusual event in that Valentine’s Day had not been targeted previously. nexusguard.com As noted in our Q4 2016 report, 200+Gbps attacks have become commonplace. Such large- scale attacks continued this quarter, but now with more frequency, longer durations, and greater complexity, especially with the increased use of HTTP GET/POST flood to target the application layer. Multi-vector attacks in the form of advanced persistent threats (APT) also became more common. During Q1, attackers didn’t take a break for any holidays.
Q1 2017 saw increased frequency of DDoS attacks compared with corresponding quarters in 2015 and 2016, during which attacks were less scalable and frequent. 2017 attack counts increased by 231.12% over Q1 2015 and 379.84% over Q1 2016. The turning point, when gigantic, continuous attacks began to wreak havoc, appears to be Q4 2016, reflecting a ripple effect of increased Botnet activity that occurred in the year’s final quarter. 6 3.4 Attack Frequency Changes nexusguard.com Figure 1. Attack Frequency in Q1 — 2015 through 2017
4.1 Types of Vectors In Q1 2017, 21 attack vectors were identified in 16,641 attacks. HTTP Flood was the predominant type, contributing 24.36%. TCP Flag Invalid Attack took second place at 20.28%. TCP SYN Attack and UDP Attack were the third and fourth leading vectors with 17.17% and 13.85% respectively. Figure 2. Distribution of DDoS Attack Vectors The total number of attacks in Q1 2017 jumped 37.59% over Q4 2016. HTTP attacks proliferated, showing an increase of 147.13% in the quarter. Application layer attacks encompassing HTTP Flood (86.77%) and HTTPS Flood (13.23%) soared as predicted in our Q4 2016 threat report. 93.75% of the attacks were mixed with volumetric and application aspects, whereas only 6.25% were pure application attacks. Since they call for multi-layered defense mechanisms, which are costly and, therefore, target enterprises have yet to upgrade their DDoS attack mitigation solutions to in order protect their online resources from the growing threat of multi-vector DDoS attacks. 7 4. DDoS Activities nexusguard.com 24.36% 20.28% 17.17% 13.85% 6.96% 3.71% 3.20% 2.36% 1.99% 1.60% 1.23% 1.15% 0.89% 0.83% 0.23% 0.16% 0.01% 0.01% 0.01% 0.01% 0.00% 5.00% 10.00% 15.00% 20.00% 25.00% 30.00% HTTP Flood TCP Flag Invalid Attack TCP SYN Attack UDP Attack IP Fragmentation Attack HTTPS Flood ICMP Attack TCP RST Attack DNS Amplification Attack UDP Fragmentation Attack DNS Attack NTP Amplification Attack SSDP Amplification Attack IP Bogons TCP Fragmentation Attack SNMP Amplification Attack SIP Flood IP LAND Attack TCP Out of state Attack TCP Connection Flood 4053 15842 1640 11514 HTTP Attack Counts Total Attack Counts 147.13% 37.59% Percentage of Attacks Q1 2017 over Q4 2016 Table 1. Comparison of Attacks - Q4 2016 and Q1 2017 Q1 2017Q4 2016
8 4.2 Quantity of Attack Vectors 4.3 Attack Duration Multi-vector attacks played the leading role in Q1 2017. 31.08% of attacks were single vector, while the rest were multi- vector. More than 48% of attacks lasted longer than 90 minutes: 22.97% were between 91 and 240 minutes, and 12.16% between 241 and 420 minutes. 4.05% of attacks exceeded 1,400 minutes. Figure 3. Distribution of Attack Vectors in Q1 2017 Figure 4. Distribution of Attack Duration nexusguard.com 0 0.05 0.1 0.15 0.2 0.25 0.3 0.35 1 2 3 4 5 6 10 Nunberofattackvector Percentage 31.08% 29.73% 20.27% 10.81% 5.41% 1.35% 1.35% 51.35% 22.97% 12.16% 5.41% 4.05% 4.05% 0.00% 10.00% 20.00% 30.00% 40.00% 50.00% 60.00% <=90 91-240 241-420 421-720 721-1200 >1440 Duration(minute)
9 4.4 Attack Size Distribution 4.5 Global Attack Source Distribution Of the attacks recorded in the quarter, more than 22% were sizeable (larger than 10Gbps): 20% ranging between 10Gps - 200Gps, and 2.67% larger than 200Gps. The US was the leading source of attacks, being the originating point of 23.75% of attacks in Q1. China and Japan followed, with 17.83% and 15.35% respectively. Germany and France vied for a spot in the Top 5, accounting for 7.78% and 6.69%. Figure 5. Distribution of Attack Sizes Table 2. Percentage of Attack Source over Worldwide nexusguard.com 77.33% 20.00% 2.67% 0.00% 10.00% 20.00% 30.00% 40.00% 50.00% 60.00% 70.00% 80.00% 90.00% < 10G >=10G and < 200G >=200G Range of Attack size Country Percentage United States China Japan Germany France Netherlands Russian Federation United Kingdom Canada Romania Others (Including 96 countries) 23.75% 17.83% 15.35% 7.78% 6.69% 3.90% 3.72% 2.48% 2.37% 2.16% 13.96%
4.6 APAC Attack Source Distribution In APAC, China was ranked No. 1, being the source of 44.84% of attacks in the region. Japan came in second with 38.61%. The Russian Federation and Vietnam contributed 9.36% and 1.62% respectively. Table 3. Percentage of Attack Source among Asian Countries nexusguard.com10 Country Percentage China Japan Russian Federation Vietnam Singapore South Korea Taiwan Hong Kong Saudi Arabia Israel Others (Including 20 countries) 44.84% 38.61% 9.36% 1.62% 1.14% 1.09% 0.97% 0.72% 0.50% 0.27% 0.87%
4.7 Reflective DDoS Attacks by Autonomous System Number (ASN) AS-PNAPTOK placed first among all network ASNs with 30.58%. Second and third were PROXAD and CHINANET- BACKBONE with 11.96% and 11.17% respectively. nexusguard.com AS Number PercentageNetwork Name 17675 12322 4134 9808 23650 7922 7018 16276 63949 31400 30.58% 11.96% 11.17% 8.21% 7.72% 7.32% 5.96% 5.79% 5.66% 5.64% AS-PNAPTOK PROXAD CHINANET-BACKBONE CMNET-GD CHINANET-JS-AS-AP COMCAST-7922 ATT-INTERNET4 OVH LINODE-AP ACCELERATED-IT Table 4. ASN Rankings with Attack Size 11
12 5. Conclusions DDoS attacks are no longer concentrated over predictable periods. Holiday or long weekend — no matter, the attackers never rest. The patterns are more erratic, the techniques more complex, and the attacks last longer and tend to target multiple vectors. During Q1 2017, application-layer attacks like HTTP GET/POST Flood predominated, overtaking volumetric- based attacks. Furthermore, over the past few years, the increasing adoption of Internet of Things (IoT) has resulted in a massive number of poorly guarded, unsecured devices. The exploitation of the resulting vulnerabilities has fueled the rapid growth of Botnets, which in turn are supplying attackers with myriad hijacked IP addresses, enabling them to launch more long-lasting, sophisticated attacks. To combat these increasingly complex DDoS attacks, which often target multiple vectors at the same time, a multi-layered mitigation platform that leverages a large, redundant scrubbing network with the support of a 24x7 security operations center (SOC) is much needed. nexusguard.com
Global Leader in DDoS Mitigation nexusguard.com456 Montgomery Street, Suite 800 San Francisco, CA 94104 USA | +1 415 299 8550 20170526-EN-A4 About Nexusguard Founded in 2008, Nexusguard is the global leader in fighting malicious Internet attacks. Nexusguard protects clients against a multitude of threats, including distributed denial of service (DDoS) attacks, to ensure uninterrupted Internet service. Nexusguard provides comprehensive, highly customized solutions for customers of all sizes, across a range of industries, and also enables turnkey anti-DDoS solutions for service providers. Nexusguard delivers on its promise to maximize peace of mind by minimizing threats and improving uptime. Visit www.nexusguard.com for more information.

Recommended

DDoS threat landscape report
DDoS threat landscape reportDDoS threat landscape report
DDoS threat landscape reportBee_Ware
 
Akamai security report
Akamai security reportAkamai security report
Akamai security reportHonza Beranek
 
Midyear security-report-2016
Midyear security-report-2016Midyear security-report-2016
Midyear security-report-2016Andrey Apuhtin
 
Time line-of-ddos-campaigns-against-mit-threat-advisory
Time line-of-ddos-campaigns-against-mit-threat-advisory Time line-of-ddos-campaigns-against-mit-threat-advisory
Time line-of-ddos-campaigns-against-mit-threat-advisory Andrey Apuhtin
 
sophos-four-key-tips-from-incident-response-experts.pdf
sophos-four-key-tips-from-incident-response-experts.pdfsophos-four-key-tips-from-incident-response-experts.pdf
sophos-four-key-tips-from-incident-response-experts.pdfDennis Reyes
 
2015-cloud-security-report-q2
2015-cloud-security-report-q22015-cloud-security-report-q2
2015-cloud-security-report-q2Gaurav Ahluwalia
 
20140313_tu_delft
20140313_tu_delft20140313_tu_delft
20140313_tu_delftUniversity of Twente
 
20150311 bit module7_tbk_bit_lecture
20150311 bit module7_tbk_bit_lecture20150311 bit module7_tbk_bit_lecture
20150311 bit module7_tbk_bit_lectureUniversity of Twente
 

Recommended

DDoS threat landscape report
DDoS threat landscape reportDDoS threat landscape report
DDoS threat landscape reportBee_Ware
 
Akamai security report
Akamai security reportAkamai security report
Akamai security reportHonza Beranek
 
Midyear security-report-2016
Midyear security-report-2016Midyear security-report-2016
Midyear security-report-2016Andrey Apuhtin
 
Time line-of-ddos-campaigns-against-mit-threat-advisory
Time line-of-ddos-campaigns-against-mit-threat-advisory Time line-of-ddos-campaigns-against-mit-threat-advisory
Time line-of-ddos-campaigns-against-mit-threat-advisory Andrey Apuhtin
 
sophos-four-key-tips-from-incident-response-experts.pdf
sophos-four-key-tips-from-incident-response-experts.pdfsophos-four-key-tips-from-incident-response-experts.pdf
sophos-four-key-tips-from-incident-response-experts.pdfDennis Reyes
 
2015-cloud-security-report-q2
2015-cloud-security-report-q22015-cloud-security-report-q2
2015-cloud-security-report-q2Gaurav Ahluwalia
 
20140313_tu_delft
20140313_tu_delft20140313_tu_delft
20140313_tu_delftUniversity of Twente
 
20150311 bit module7_tbk_bit_lecture
20150311 bit module7_tbk_bit_lecture20150311 bit module7_tbk_bit_lecture
20150311 bit module7_tbk_bit_lectureUniversity of Twente
 
20160316_tbk_bit_module7
20160316_tbk_bit_module720160316_tbk_bit_module7
20160316_tbk_bit_module7University of Twente
 
Cyber Incident Response Team - NIMS - Public Comment
Cyber Incident Response Team - NIMS - Public CommentCyber Incident Response Team - NIMS - Public Comment
Cyber Incident Response Team - NIMS - Public CommentDavid Sweigert
 
The modern-malware-review-march-2013
The modern-malware-review-march-2013 The modern-malware-review-march-2013
The modern-malware-review-march-2013 Комсс Файквэе
 
Cloud activ8 state of ransomware report_2021-dec
Cloud activ8 state of ransomware report_2021-decCloud activ8 state of ransomware report_2021-dec
Cloud activ8 state of ransomware report_2021-decgusbarrett
 
Netscout threat report 2018
Netscout threat report 2018Netscout threat report 2018
Netscout threat report 2018Gabe Akisanmi
 
PPT-5.11.09
PPT-5.11.09PPT-5.11.09
PPT-5.11.09Saumya Agarwal
 
M-Trends® 2012: An Evolving Threat
M-Trends® 2012: An Evolving Threat M-Trends® 2012: An Evolving Threat
M-Trends® 2012: An Evolving Threat FireEye, Inc.
 
1766 1770
1766 17701766 1770
1766 1770Editor IJARCET
 
M-Trends® 2011: When Prevention Fails
M-Trends® 2011: When Prevention Fails M-Trends® 2011: When Prevention Fails
M-Trends® 2011: When Prevention Fails FireEye, Inc.
 
DDoS Attacks Advancing and Enduring a SANS & Corero Survey
DDoS Attacks Advancing and Enduring a SANS & Corero SurveyDDoS Attacks Advancing and Enduring a SANS & Corero Survey
DDoS Attacks Advancing and Enduring a SANS & Corero SurveyStephanie Weagle
 
Evolution terriskmod woo_journalre
Evolution terriskmod woo_journalreEvolution terriskmod woo_journalre
Evolution terriskmod woo_journalredacooil
 
Webinar: DRaaS - It’s Not Just For Disasters Anymore
Webinar: DRaaS - It’s Not Just For Disasters AnymoreWebinar: DRaaS - It’s Not Just For Disasters Anymore
Webinar: DRaaS - It’s Not Just For Disasters AnymoreStorage Switzerland
 
201408 fire eye korea user event press roundtable
201408 fire eye korea user event press roundtable201408 fire eye korea user event press roundtable
201408 fire eye korea user event press roundtableJunSeok Seo
 
Scouting report
Scouting report Scouting report
Scouting report Chatura Ahangama
 
A Case Study on the Effects of Cyber Attacks on Firms' Stock Price
A Case Study on the Effects of Cyber Attacks on Firms' Stock PriceA Case Study on the Effects of Cyber Attacks on Firms' Stock Price
A Case Study on the Effects of Cyber Attacks on Firms' Stock PriceShravan Chandrasekaran
 
A worst case worm
A worst case wormA worst case worm
A worst case wormUltraUploader
 
M-Trends® 2010: The Advanced Persistent Threat
M-Trends® 2010: The Advanced Persistent Threat M-Trends® 2010: The Advanced Persistent Threat
M-Trends® 2010: The Advanced Persistent ThreatFireEye, Inc.
 
document(1)
document(1)document(1)
document(1)Diney Wankhede
 
Cisco 2018, Annual Cybersecurity Report
Cisco 2018, Annual Cybersecurity ReportCisco 2018, Annual Cybersecurity Report
Cisco 2018, Annual Cybersecurity ReportGeneva Business School Myanmar Campus
 
Network Security in 2016
Network Security in 2016Network Security in 2016
Network Security in 2016Qrator Labs
 
Network and Application Security 2017. Prediction 2017
Network and Application Security 2017. Prediction 2017Network and Application Security 2017. Prediction 2017
Network and Application Security 2017. Prediction 2017Wallarm
 
Global Cyber Attacks report 2018 - 2019 | HaltDos
Global Cyber Attacks report 2018 - 2019 | HaltDosGlobal Cyber Attacks report 2018 - 2019 | HaltDos
Global Cyber Attacks report 2018 - 2019 | HaltDosHaltdos
 

More Related Content

What's hot

Cyber Incident Response Team - NIMS - Public Comment
Cyber Incident Response Team - NIMS - Public CommentCyber Incident Response Team - NIMS - Public Comment
Cyber Incident Response Team - NIMS - Public CommentDavid Sweigert
 
Cloud activ8 state of ransomware report_2021-dec
Cloud activ8 state of ransomware report_2021-decCloud activ8 state of ransomware report_2021-dec
Cloud activ8 state of ransomware report_2021-decgusbarrett
 
Netscout threat report 2018
Netscout threat report 2018Netscout threat report 2018
Netscout threat report 2018Gabe Akisanmi
 
M-Trends® 2012: An Evolving Threat
M-Trends® 2012: An Evolving Threat M-Trends® 2012: An Evolving Threat
M-Trends® 2012: An Evolving Threat FireEye, Inc.
 
M-Trends® 2011: When Prevention Fails
M-Trends® 2011: When Prevention Fails M-Trends® 2011: When Prevention Fails
M-Trends® 2011: When Prevention Fails FireEye, Inc.
 
DDoS Attacks Advancing and Enduring a SANS & Corero Survey
DDoS Attacks Advancing and Enduring a SANS & Corero SurveyDDoS Attacks Advancing and Enduring a SANS & Corero Survey
DDoS Attacks Advancing and Enduring a SANS & Corero SurveyStephanie Weagle
 
Evolution terriskmod woo_journalre
Evolution terriskmod woo_journalreEvolution terriskmod woo_journalre
Evolution terriskmod woo_journalredacooil
 
Webinar: DRaaS - It’s Not Just For Disasters Anymore
Webinar: DRaaS - It’s Not Just For Disasters AnymoreWebinar: DRaaS - It’s Not Just For Disasters Anymore
Webinar: DRaaS - It’s Not Just For Disasters AnymoreStorage Switzerland
 
201408 fire eye korea user event press roundtable
201408 fire eye korea user event press roundtable201408 fire eye korea user event press roundtable
201408 fire eye korea user event press roundtableJunSeok Seo
 
A Case Study on the Effects of Cyber Attacks on Firms' Stock Price
A Case Study on the Effects of Cyber Attacks on Firms' Stock PriceA Case Study on the Effects of Cyber Attacks on Firms' Stock Price
A Case Study on the Effects of Cyber Attacks on Firms' Stock PriceShravan Chandrasekaran
 
M-Trends® 2010: The Advanced Persistent Threat
M-Trends® 2010: The Advanced Persistent Threat M-Trends® 2010: The Advanced Persistent Threat
M-Trends® 2010: The Advanced Persistent ThreatFireEye, Inc.
 

What's hot (18)

20160316_tbk_bit_module7
20160316_tbk_bit_module720160316_tbk_bit_module7
20160316_tbk_bit_module7
 
Cyber Incident Response Team - NIMS - Public Comment
Cyber Incident Response Team - NIMS - Public CommentCyber Incident Response Team - NIMS - Public Comment
Cyber Incident Response Team - NIMS - Public Comment
 
The modern-malware-review-march-2013
The modern-malware-review-march-2013 The modern-malware-review-march-2013
The modern-malware-review-march-2013
 
Cloud activ8 state of ransomware report_2021-dec
Cloud activ8 state of ransomware report_2021-decCloud activ8 state of ransomware report_2021-dec
Cloud activ8 state of ransomware report_2021-dec
 
Netscout threat report 2018
Netscout threat report 2018Netscout threat report 2018
Netscout threat report 2018
 
PPT-5.11.09
PPT-5.11.09PPT-5.11.09
PPT-5.11.09
 
M-Trends® 2012: An Evolving Threat
M-Trends® 2012: An Evolving Threat M-Trends® 2012: An Evolving Threat
M-Trends® 2012: An Evolving Threat
 
1766 1770
1766 17701766 1770
1766 1770
 
M-Trends® 2011: When Prevention Fails
M-Trends® 2011: When Prevention Fails M-Trends® 2011: When Prevention Fails
M-Trends® 2011: When Prevention Fails
 
DDoS Attacks Advancing and Enduring a SANS & Corero Survey
DDoS Attacks Advancing and Enduring a SANS & Corero SurveyDDoS Attacks Advancing and Enduring a SANS & Corero Survey
DDoS Attacks Advancing and Enduring a SANS & Corero Survey
 
Evolution terriskmod woo_journalre
Evolution terriskmod woo_journalreEvolution terriskmod woo_journalre
Evolution terriskmod woo_journalre
 
Webinar: DRaaS - It’s Not Just For Disasters Anymore
Webinar: DRaaS - It’s Not Just For Disasters AnymoreWebinar: DRaaS - It’s Not Just For Disasters Anymore
Webinar: DRaaS - It’s Not Just For Disasters Anymore
 
201408 fire eye korea user event press roundtable
201408 fire eye korea user event press roundtable201408 fire eye korea user event press roundtable
201408 fire eye korea user event press roundtable
 
Scouting report
Scouting report Scouting report
Scouting report
 
A Case Study on the Effects of Cyber Attacks on Firms' Stock Price
A Case Study on the Effects of Cyber Attacks on Firms' Stock PriceA Case Study on the Effects of Cyber Attacks on Firms' Stock Price
A Case Study on the Effects of Cyber Attacks on Firms' Stock Price
 
A worst case worm
A worst case wormA worst case worm
A worst case worm
 
M-Trends® 2010: The Advanced Persistent Threat
M-Trends® 2010: The Advanced Persistent Threat M-Trends® 2010: The Advanced Persistent Threat
M-Trends® 2010: The Advanced Persistent Threat
 
document(1)
document(1)document(1)
document(1)
 

Similar to Q1 2017 DDoS Threat Report: Attackers Don't Go on Vacation During Holidays

Network Security in 2016
Network Security in 2016Network Security in 2016
Network Security in 2016Qrator Labs
 
Network and Application Security 2017. Prediction 2017
Network and Application Security 2017. Prediction 2017Network and Application Security 2017. Prediction 2017
Network and Application Security 2017. Prediction 2017Wallarm
 
Global Cyber Attacks report 2018 - 2019 | HaltDos
Global Cyber Attacks report 2018 - 2019 | HaltDosGlobal Cyber Attacks report 2018 - 2019 | HaltDos
Global Cyber Attacks report 2018 - 2019 | HaltDosHaltdos
 
Security troubles in e commerce website
Security troubles in e commerce websiteSecurity troubles in e commerce website
Security troubles in e commerce websiteDr. Raghavendra GS
 
Cisco Midyear Security Report 2016
Cisco Midyear Security Report 2016Cisco Midyear Security Report 2016
Cisco Midyear Security Report 2016Maticmind
 
akamai's [state of internet] / security
akamai's [state of internet] / securityakamai's [state of internet] / security
akamai's [state of internet] / securityThe Internet of Things
 
Key Findings from Arbor's Tenth World-Wide Infrastructure Security Report
Key Findings from Arbor's Tenth World-Wide Infrastructure Security ReportKey Findings from Arbor's Tenth World-Wide Infrastructure Security Report
Key Findings from Arbor's Tenth World-Wide Infrastructure Security ReportAPNIC
 
Datto stateofthechannelransomwarereport2016 rh
Datto stateofthechannelransomwarereport2016 rhDatto stateofthechannelransomwarereport2016 rh
Datto stateofthechannelransomwarereport2016 rhJames Herold
 
2015 Global Threat Intelligence Report Executive Summary | NTT i3
2015 Global Threat Intelligence Report Executive Summary | NTT i32015 Global Threat Intelligence Report Executive Summary | NTT i3
2015 Global Threat Intelligence Report Executive Summary | NTT i3NTT Innovation Institute Inc.
 
KRNIC Data Driven DNS Security
KRNIC Data Driven DNS SecurityKRNIC Data Driven DNS Security
KRNIC Data Driven DNS SecurityAPNIC
 
Unit III AssessmentQuestion 1 1. Compare and contrast two.docx
Unit III AssessmentQuestion 1 1. Compare and contrast two.docxUnit III AssessmentQuestion 1 1. Compare and contrast two.docx
Unit III AssessmentQuestion 1 1. Compare and contrast two.docxmarilucorr
 
DDOS OCTOBER 2015 NEUSTAR DDOS ATTACKS & PROTECTION REPORT: NORTH AMERICA & E...
DDOS OCTOBER 2015 NEUSTAR DDOS ATTACKS & PROTECTION REPORT: NORTH AMERICA & E...DDOS OCTOBER 2015 NEUSTAR DDOS ATTACKS & PROTECTION REPORT: NORTH AMERICA & E...
DDOS OCTOBER 2015 NEUSTAR DDOS ATTACKS & PROTECTION REPORT: NORTH AMERICA & E...CMR WORLD TECH
 
Overview of Ransomware Solutions from Protection to Detection and Response.pptx
Overview of Ransomware Solutions from Protection to Detection and Response.pptxOverview of Ransomware Solutions from Protection to Detection and Response.pptx
Overview of Ransomware Solutions from Protection to Detection and Response.pptxCompanySeceon
 
Ransomware: Attack, Human Impact and Mitigation
Ransomware: Attack, Human Impact and MitigationRansomware: Attack, Human Impact and Mitigation
Ransomware: Attack, Human Impact and MitigationMaaz Ahmed Shaikh
 
Guide to high volume data sources for SIEM
Guide to high volume data sources for SIEMGuide to high volume data sources for SIEM
Guide to high volume data sources for SIEMJoseph DeFever
 
DDoS Attacks in 2020 & Best Practices in Defense
DDoS Attacks in 2020 & Best Practices in DefenseDDoS Attacks in 2020 & Best Practices in Defense
DDoS Attacks in 2020 & Best Practices in DefenseNETSCOUT
 
Security Implications of the Cloud
Security Implications of the CloudSecurity Implications of the Cloud
Security Implications of the CloudAlert Logic
 
EndpointSecurityConcerns2014
EndpointSecurityConcerns2014EndpointSecurityConcerns2014
EndpointSecurityConcerns2014Peggy Lawless
 

Similar to Q1 2017 DDoS Threat Report: Attackers Don't Go on Vacation During Holidays (20)

Cisco 2018, Annual Cybersecurity Report
Cisco 2018, Annual Cybersecurity ReportCisco 2018, Annual Cybersecurity Report
Cisco 2018, Annual Cybersecurity Report
 
Network Security in 2016
Network Security in 2016Network Security in 2016
Network Security in 2016
 
Network and Application Security 2017. Prediction 2017
Network and Application Security 2017. Prediction 2017Network and Application Security 2017. Prediction 2017
Network and Application Security 2017. Prediction 2017
 
Global Cyber Attacks report 2018 - 2019 | HaltDos
Global Cyber Attacks report 2018 - 2019 | HaltDosGlobal Cyber Attacks report 2018 - 2019 | HaltDos
Global Cyber Attacks report 2018 - 2019 | HaltDos
 
Security troubles in e commerce website
Security troubles in e commerce websiteSecurity troubles in e commerce website
Security troubles in e commerce website
 
Cisco Midyear Security Report 2016
Cisco Midyear Security Report 2016Cisco Midyear Security Report 2016
Cisco Midyear Security Report 2016
 
akamai's [state of internet] / security
akamai's [state of internet] / securityakamai's [state of internet] / security
akamai's [state of internet] / security
 
Key Findings from Arbor's Tenth World-Wide Infrastructure Security Report
Key Findings from Arbor's Tenth World-Wide Infrastructure Security ReportKey Findings from Arbor's Tenth World-Wide Infrastructure Security Report
Key Findings from Arbor's Tenth World-Wide Infrastructure Security Report
 
Datto stateofthechannelransomwarereport2016 rh
Datto stateofthechannelransomwarereport2016 rhDatto stateofthechannelransomwarereport2016 rh
Datto stateofthechannelransomwarereport2016 rh
 
2015 Global Threat Intelligence Report Executive Summary | NTT i3
2015 Global Threat Intelligence Report Executive Summary | NTT i32015 Global Threat Intelligence Report Executive Summary | NTT i3
2015 Global Threat Intelligence Report Executive Summary | NTT i3
 
KRNIC Data Driven DNS Security
KRNIC Data Driven DNS SecurityKRNIC Data Driven DNS Security
KRNIC Data Driven DNS Security
 
Unit III AssessmentQuestion 1 1. Compare and contrast two.docx
Unit III AssessmentQuestion 1 1. Compare and contrast two.docxUnit III AssessmentQuestion 1 1. Compare and contrast two.docx
Unit III AssessmentQuestion 1 1. Compare and contrast two.docx
 
DDOS OCTOBER 2015 NEUSTAR DDOS ATTACKS & PROTECTION REPORT: NORTH AMERICA & E...
DDOS OCTOBER 2015 NEUSTAR DDOS ATTACKS & PROTECTION REPORT: NORTH AMERICA & E...DDOS OCTOBER 2015 NEUSTAR DDOS ATTACKS & PROTECTION REPORT: NORTH AMERICA & E...
DDOS OCTOBER 2015 NEUSTAR DDOS ATTACKS & PROTECTION REPORT: NORTH AMERICA & E...
 
Overview of Ransomware Solutions from Protection to Detection and Response.pptx
Overview of Ransomware Solutions from Protection to Detection and Response.pptxOverview of Ransomware Solutions from Protection to Detection and Response.pptx
Overview of Ransomware Solutions from Protection to Detection and Response.pptx
 
Ransomware: Attack, Human Impact and Mitigation
Ransomware: Attack, Human Impact and MitigationRansomware: Attack, Human Impact and Mitigation
Ransomware: Attack, Human Impact and Mitigation
 
Guide to high volume data sources for SIEM
Guide to high volume data sources for SIEMGuide to high volume data sources for SIEM
Guide to high volume data sources for SIEM
 
DDoS Attacks in 2020 & Best Practices in Defense
DDoS Attacks in 2020 & Best Practices in DefenseDDoS Attacks in 2020 & Best Practices in Defense
DDoS Attacks in 2020 & Best Practices in Defense
 
Security Implications of the Cloud
Security Implications of the CloudSecurity Implications of the Cloud
Security Implications of the Cloud
 
EndpointSecurityConcerns2014
EndpointSecurityConcerns2014EndpointSecurityConcerns2014
EndpointSecurityConcerns2014
 
original.pdf
original.pdforiginal.pdf
original.pdf
 

More from Andrey Apuhtin

Shadow pad technical_description_pdf
Shadow pad technical_description_pdfShadow pad technical_description_pdf
Shadow pad technical_description_pdfAndrey Apuhtin
 
Ftc cdt-vpn-complaint-8-7-17
Ftc cdt-vpn-complaint-8-7-17Ftc cdt-vpn-complaint-8-7-17
Ftc cdt-vpn-complaint-8-7-17Andrey Apuhtin
 
Hutchins redacted indictment
Hutchins redacted indictmentHutchins redacted indictment
Hutchins redacted indictmentAndrey Apuhtin
 
Dr web review_mob_july_2017
Dr web review_mob_july_2017Dr web review_mob_july_2017
Dr web review_mob_july_2017Andrey Apuhtin
 
Pandalabs отчет за 1 квартал 2017
Pandalabs отчет за 1 квартал 2017Pandalabs отчет за 1 квартал 2017
Pandalabs отчет за 1 квартал 2017Andrey Apuhtin
 
Lookout pegasus-android-technical-analysis
Lookout pegasus-android-technical-analysisLookout pegasus-android-technical-analysis
Lookout pegasus-android-technical-analysisAndrey Apuhtin
 
Apwg trends report_q4_2016
Apwg trends report_q4_2016Apwg trends report_q4_2016
Apwg trends report_q4_2016Andrey Apuhtin
 
News berthaume-sentencing-jan2017
News berthaume-sentencing-jan2017News berthaume-sentencing-jan2017
News berthaume-sentencing-jan2017Andrey Apuhtin
 
Windows exploitation-2016-a4
Windows exploitation-2016-a4Windows exploitation-2016-a4
Windows exploitation-2016-a4Andrey Apuhtin
 

More from Andrey Apuhtin (20)

Shadow pad technical_description_pdf
Shadow pad technical_description_pdfShadow pad technical_description_pdf
Shadow pad technical_description_pdf
 
Ftc cdt-vpn-complaint-8-7-17
Ftc cdt-vpn-complaint-8-7-17Ftc cdt-vpn-complaint-8-7-17
Ftc cdt-vpn-complaint-8-7-17
 
Hutchins redacted indictment
Hutchins redacted indictmentHutchins redacted indictment
Hutchins redacted indictment
 
Dr web review_mob_july_2017
Dr web review_mob_july_2017Dr web review_mob_july_2017
Dr web review_mob_july_2017
 
Dmarc
DmarcDmarc
Dmarc
 
Pandalabs отчет за 1 квартал 2017
Pandalabs отчет за 1 квартал 2017Pandalabs отчет за 1 квартал 2017
Pandalabs отчет за 1 квартал 2017
 
Sel03129 usen
Sel03129 usenSel03129 usen
Sel03129 usen
 
Cldap threat-advisory
Cldap threat-advisoryCldap threat-advisory
Cldap threat-advisory
 
Lookout pegasus-android-technical-analysis
Lookout pegasus-android-technical-analysisLookout pegasus-android-technical-analysis
Lookout pegasus-android-technical-analysis
 
Rand rr1751
Rand rr1751Rand rr1751
Rand rr1751
 
Apwg trends report_q4_2016
Apwg trends report_q4_2016Apwg trends report_q4_2016
Apwg trends report_q4_2016
 
Browser history
Browser historyBrowser history
Browser history
 
Software
SoftwareSoftware
Software
 
Antivirus
AntivirusAntivirus
Antivirus
 
Https interception
Https interceptionHttps interception
Https interception
 
Wilssc 006 xml
Wilssc 006 xmlWilssc 006 xml
Wilssc 006 xml
 
News berthaume-sentencing-jan2017
News berthaume-sentencing-jan2017News berthaume-sentencing-jan2017
News berthaume-sentencing-jan2017
 
Windows exploitation-2016-a4
Windows exploitation-2016-a4Windows exploitation-2016-a4
Windows exploitation-2016-a4
 
Mw stj 08252016_2
Mw stj 08252016_2Mw stj 08252016_2
Mw stj 08252016_2
 
150127iotrpt
150127iotrpt150127iotrpt
150127iotrpt
 

Recently uploaded

The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfThe Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfkalichargn70th171
 
chapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptchapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptkotipi9215
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...MyIntelliSource, Inc.
 
Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...aditisharan08
 
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...Christina Lin
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEOrtus Solutions, Corp
 
Engage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The UglyEngage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The UglyFrank van der Linden
 
What is Binary Language? Computer Number Systems
What is Binary Language? Computer Number SystemsWhat is Binary Language? Computer Number Systems
What is Binary Language? Computer Number SystemsJheuzeDellosa
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software DevelopersVinodh Ram
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataBradBedford3
 
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxKnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxTier1 app
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsAlberto González Trastoy
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio, Inc.
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)OPEN KNOWLEDGE GmbH
 
EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityNeo4j
 
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWave PLM
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackVICTOR MAESTRE RAMIREZ
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantAxelRicardoTrocheRiq
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...soniya singh
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about usDynamic Netsoft
 

Recently uploaded (20)

The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfThe Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
 
chapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptchapter--4-software-project-planning.ppt
chapter--4-software-project-planning.ppt
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 
Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...
 
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
 
Engage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The UglyEngage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The Ugly
 
What is Binary Language? Computer Number Systems
What is Binary Language? Computer Number SystemsWhat is Binary Language? Computer Number Systems
What is Binary Language? Computer Number Systems
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software Developers
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
 
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxKnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)
 
EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered Sustainability
 
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need It
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStack
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service Consultant
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about us
 

Q1 2017 DDoS Threat Report: Attackers Don't Go on Vacation During Holidays

  • 1. Distributed Denial of Service (DDoS) Threat Report Q1 2017 Threat Report Global Leader in DDoS Mitigation nexusguard.com456 Montgomery Street, Suite 800 San Francisco, CA 94104 USA | +1 415 299 8550
  • 2. 2 Contents 1. Methodology . . . . . . . . . . . . . . . . . . . 3 2. Key Observations for Q1 2017 . . . . . . . . . . . . . . . 4 5. Conclusions . . . . . . . . . . . . . . . . . . . 12 3. Quarterly Focus: Attackers Don’t Go on Vacation During Holidays . . . . . 5 3.1 Holidays Are No Longer Peaceful . . . . . . . . . . . . . . . . . . . 5 3.2 A New Years Nightmare . . . . . . . . . . . . . . . . . . . 5 3.3 Heavy Hits on the Day of Romance . . . . . . . . . . . . . . . 5 3.4 Attack Frequency Changes . . . . . . . . . . . . . . . 6 nexusguard.com 4. DDoS Activities . . . . . . . . . . . . . . . . . . . 7 4.1 Types of Vectors . . . . . . 7 4.2 Quantity of Attack Vectors . . . . . . 8 4.3 Attack Duration . . . . . . 8 4.4 Attack Size Distribution . . . . . . 9 4.5 Global Attack Source Distribution . . . . . . 9 4.6 APAC Attack Source Distribution . . . . . . 10 4.7 Reflective DDoS Attacks by Autonomous System Number (ASN) . . . . . . 11
  • 3. 1. Methodology As the global leader in Distributed Denial of Service (DDoS) attack mitigation, Nexusguard observes and collects real-time data on threats facing enterprise and service-provider networks worldwide. Data is gathered via botnet scanning, Honeypots, ISPs, and traffic moving between attackers and their targets. The analysis conducted by Nexusguard and our research partner, attackscape.com (https://www.attackscape.com/), identifies vulnerabilities and measures attack trends worldwide to provide a comprehensive view of DDoS threats. Attacks and hacking activities exert a sizeable impact on cybersecurity. Because of the comprehensive, global nature of our data sets and observations, Nexusguard is able to evaluate DDoS events in a manner that is not biased by any single set of customers or industries. Many zero-day threats are first seen on our global research network. These threats, among others, are summarized in our quarterly reports. 3 nexusguard.com
  • 4. 4 2. Key Observations for Q1 2017 • In Q1 2017, the number of DDoS attacks observed by Nexusguard registered a 380% year-on-year growth, suggesting that DDoS attacks occurred more frequently than the same period a year ago. It can be concluded that the impact of seasonal factors on attack frequency has become less apparent. • Uncommonly fierce attacks were observed in Q1 2017 — much more so than in preceding quarters. An enormous 275Gbps attack took place during Valentine’s Day and a lengthy attack spanning 4,060 minutes occurred over the Chinese New Year. • The percentage of days with sizeable attacks (larger than 10Gbps) grew considerably between January (48.39%) and March (64.29%). • HTTP attack counts and total attack counts increased over Q4 2016 by 147.13% and 37.59% respectively. nexusguard.com
  • 5. 5 3. Quarterly Focus: Attackers Don’t Go on Vacation During Holidays 3.1 Holidays Are No Longer Peaceful Prior to 2017, attacks were not common in the year’s first quarter. This year, however, the magnitude and frequency of attacks reached an unprecedented level. Two attacks with the largest size and duration ever were tracked during Q1 holidays in APAC and the West. 3.2 A New Years Nightmare In APAC, a lengthy attack January 28-31, the period of Chinese New Year, lasted 2 days, 19 hours, and 40 minutes. It was a widespread, disruptive event that left celebrants weary and exhausted upon returning to work. 3.3 Heavy Hits on the Day of Romance In the West, an attack over Valentine’s Day (February 14-15) lasting 21 hours and 31 minutes spiked up to 275.77Gbps. It was an unusual event in that Valentine’s Day had not been targeted previously. nexusguard.com As noted in our Q4 2016 report, 200+Gbps attacks have become commonplace. Such large- scale attacks continued this quarter, but now with more frequency, longer durations, and greater complexity, especially with the increased use of HTTP GET/POST flood to target the application layer. Multi-vector attacks in the form of advanced persistent threats (APT) also became more common. During Q1, attackers didn’t take a break for any holidays.
  • 6. Q1 2017 saw increased frequency of DDoS attacks compared with corresponding quarters in 2015 and 2016, during which attacks were less scalable and frequent. 2017 attack counts increased by 231.12% over Q1 2015 and 379.84% over Q1 2016. The turning point, when gigantic, continuous attacks began to wreak havoc, appears to be Q4 2016, reflecting a ripple effect of increased Botnet activity that occurred in the year’s final quarter. 6 3.4 Attack Frequency Changes nexusguard.com Figure 1. Attack Frequency in Q1 — 2015 through 2017
  • 7. 4.1 Types of Vectors In Q1 2017, 21 attack vectors were identified in 16,641 attacks. HTTP Flood was the predominant type, contributing 24.36%. TCP Flag Invalid Attack took second place at 20.28%. TCP SYN Attack and UDP Attack were the third and fourth leading vectors with 17.17% and 13.85% respectively. Figure 2. Distribution of DDoS Attack Vectors The total number of attacks in Q1 2017 jumped 37.59% over Q4 2016. HTTP attacks proliferated, showing an increase of 147.13% in the quarter. Application layer attacks encompassing HTTP Flood (86.77%) and HTTPS Flood (13.23%) soared as predicted in our Q4 2016 threat report. 93.75% of the attacks were mixed with volumetric and application aspects, whereas only 6.25% were pure application attacks. Since they call for multi-layered defense mechanisms, which are costly and, therefore, target enterprises have yet to upgrade their DDoS attack mitigation solutions to in order protect their online resources from the growing threat of multi-vector DDoS attacks. 7 4. DDoS Activities nexusguard.com 24.36% 20.28% 17.17% 13.85% 6.96% 3.71% 3.20% 2.36% 1.99% 1.60% 1.23% 1.15% 0.89% 0.83% 0.23% 0.16% 0.01% 0.01% 0.01% 0.01% 0.00% 5.00% 10.00% 15.00% 20.00% 25.00% 30.00% HTTP Flood TCP Flag Invalid Attack TCP SYN Attack UDP Attack IP Fragmentation Attack HTTPS Flood ICMP Attack TCP RST Attack DNS Amplification Attack UDP Fragmentation Attack DNS Attack NTP Amplification Attack SSDP Amplification Attack IP Bogons TCP Fragmentation Attack SNMP Amplification Attack SIP Flood IP LAND Attack TCP Out of state Attack TCP Connection Flood 4053 15842 1640 11514 HTTP Attack Counts Total Attack Counts 147.13% 37.59% Percentage of Attacks Q1 2017 over Q4 2016 Table 1. Comparison of Attacks - Q4 2016 and Q1 2017 Q1 2017Q4 2016
  • 8. 8 4.2 Quantity of Attack Vectors 4.3 Attack Duration Multi-vector attacks played the leading role in Q1 2017. 31.08% of attacks were single vector, while the rest were multi- vector. More than 48% of attacks lasted longer than 90 minutes: 22.97% were between 91 and 240 minutes, and 12.16% between 241 and 420 minutes. 4.05% of attacks exceeded 1,400 minutes. Figure 3. Distribution of Attack Vectors in Q1 2017 Figure 4. Distribution of Attack Duration nexusguard.com 0 0.05 0.1 0.15 0.2 0.25 0.3 0.35 1 2 3 4 5 6 10 Nunberofattackvector Percentage 31.08% 29.73% 20.27% 10.81% 5.41% 1.35% 1.35% 51.35% 22.97% 12.16% 5.41% 4.05% 4.05% 0.00% 10.00% 20.00% 30.00% 40.00% 50.00% 60.00% <=90 91-240 241-420 421-720 721-1200 >1440 Duration(minute)
  • 9. 9 4.4 Attack Size Distribution 4.5 Global Attack Source Distribution Of the attacks recorded in the quarter, more than 22% were sizeable (larger than 10Gbps): 20% ranging between 10Gps - 200Gps, and 2.67% larger than 200Gps. The US was the leading source of attacks, being the originating point of 23.75% of attacks in Q1. China and Japan followed, with 17.83% and 15.35% respectively. Germany and France vied for a spot in the Top 5, accounting for 7.78% and 6.69%. Figure 5. Distribution of Attack Sizes Table 2. Percentage of Attack Source over Worldwide nexusguard.com 77.33% 20.00% 2.67% 0.00% 10.00% 20.00% 30.00% 40.00% 50.00% 60.00% 70.00% 80.00% 90.00% < 10G >=10G and < 200G >=200G Range of Attack size Country Percentage United States China Japan Germany France Netherlands Russian Federation United Kingdom Canada Romania Others (Including 96 countries) 23.75% 17.83% 15.35% 7.78% 6.69% 3.90% 3.72% 2.48% 2.37% 2.16% 13.96%
  • 10. 4.6 APAC Attack Source Distribution In APAC, China was ranked No. 1, being the source of 44.84% of attacks in the region. Japan came in second with 38.61%. The Russian Federation and Vietnam contributed 9.36% and 1.62% respectively. Table 3. Percentage of Attack Source among Asian Countries nexusguard.com10 Country Percentage China Japan Russian Federation Vietnam Singapore South Korea Taiwan Hong Kong Saudi Arabia Israel Others (Including 20 countries) 44.84% 38.61% 9.36% 1.62% 1.14% 1.09% 0.97% 0.72% 0.50% 0.27% 0.87%
  • 11. 4.7 Reflective DDoS Attacks by Autonomous System Number (ASN) AS-PNAPTOK placed first among all network ASNs with 30.58%. Second and third were PROXAD and CHINANET- BACKBONE with 11.96% and 11.17% respectively. nexusguard.com AS Number PercentageNetwork Name 17675 12322 4134 9808 23650 7922 7018 16276 63949 31400 30.58% 11.96% 11.17% 8.21% 7.72% 7.32% 5.96% 5.79% 5.66% 5.64% AS-PNAPTOK PROXAD CHINANET-BACKBONE CMNET-GD CHINANET-JS-AS-AP COMCAST-7922 ATT-INTERNET4 OVH LINODE-AP ACCELERATED-IT Table 4. ASN Rankings with Attack Size 11
  • 12. 12 5. Conclusions DDoS attacks are no longer concentrated over predictable periods. Holiday or long weekend — no matter, the attackers never rest. The patterns are more erratic, the techniques more complex, and the attacks last longer and tend to target multiple vectors. During Q1 2017, application-layer attacks like HTTP GET/POST Flood predominated, overtaking volumetric- based attacks. Furthermore, over the past few years, the increasing adoption of Internet of Things (IoT) has resulted in a massive number of poorly guarded, unsecured devices. The exploitation of the resulting vulnerabilities has fueled the rapid growth of Botnets, which in turn are supplying attackers with myriad hijacked IP addresses, enabling them to launch more long-lasting, sophisticated attacks. To combat these increasingly complex DDoS attacks, which often target multiple vectors at the same time, a multi-layered mitigation platform that leverages a large, redundant scrubbing network with the support of a 24x7 security operations center (SOC) is much needed. nexusguard.com
  • 13. Global Leader in DDoS Mitigation nexusguard.com456 Montgomery Street, Suite 800 San Francisco, CA 94104 USA | +1 415 299 8550 20170526-EN-A4 About Nexusguard Founded in 2008, Nexusguard is the global leader in fighting malicious Internet attacks. Nexusguard protects clients against a multitude of threats, including distributed denial of service (DDoS) attacks, to ensure uninterrupted Internet service. Nexusguard provides comprehensive, highly customized solutions for customers of all sizes, across a range of industries, and also enables turnkey anti-DDoS solutions for service providers. Nexusguard delivers on its promise to maximize peace of mind by minimizing threats and improving uptime. Visit www.nexusguard.com for more information.