DDoS attacks aren’t going away anytime soon. In fact, they’re getting bigger, according to network security company Arbor Networks. But there’s good news for potential attacks in the Internet of Things arena—some heat is off there.
DDoS, or Distributed Denial-of-Service, attacks are where numerous compromised computers are used to target a single system. In simple terms, the sheer size of the blast of traffic overwhelms the system.
Arbor Networks says that “while very large attacks are what makes headlines, average attacks are approaching one gigabit per second, and are rapidly becoming a real problem for more and more enterprises.”
The company reckons that bits and packets per second are increasing.
Anonymous traffic data
Arbor collects its data through a collaborative project called ATLAS (Active Threat Level Analysis System). The scheme, where ISPs export hourly data, has around 300 ISP contributors.
They share anonymous traffic data with the company.
Key findings that Arbor has published in its Q2 2015 ATLAS Update include that the percentage of attacks over 1 Gbps is “growing strongly.”
The company has found that 20.8% of attacks in the second quarter of 2015 were over that 1 Gbps mark. In the prior quarter in 2015, that percentage was only 17.7%.
Larger attacks means more for enterprise to deal with.
SYN flooding is popular with large attacks. The report indicates that 99.2% of 50 Gbps to 100 Gbps attacks were SYN.
SYN is where the attacker sends a series of requests, or connections, faster than a computer can process them. The receiving system becomes unresponsive to normal traffic because server resources have been used up.
Arbor says that SSDP attacks are slowing, though. Those involved with the Internet of Things will be pleased to hear that.
SSDP, or Simple Service Discovery Protocol, is a network protocol for discovery of network services and is part of Universal Plug and Play.
There were 84,000 attacks showing in the statistics in Q2 2015. That’s dramatically less than the 126,000 in the first quarter of 2015.
There were just 14 in the last quarter of 2014.
Internet of Things
SSDP attack devices can use home routers and webcams, and “any smart device with a public IP address and vulnerable operating system will increase the number of devices that could be used to launch SSDP–based reflection attacks,” according to an unrelated report by NSFOCUS, another DDoS security company.
In April, NSFOCUS said that it thought the IoT was leading to growth in SSDP attacks. Q1 2015 saw that large spike in those attacks.
“The rise of the Internet of Things and the influx of network-connected devices, such as webcams and routers, are leading to the growth of SSDP-based amplification attacks,” it said then.
“Most of these IoT devices are very low-cost, rarely if ever monitored, and are often easily exploitable,” Gary Sockrider, a solutions architect for Arbor Networks, said in an article at Security Week.
That potentially IoT-affecting spike appears to be waning.