DDoS attacks more than treble in the past year, report reveals

The number of DDoS attacks over 20Gbps so far this year is more than three times greater than for the whole of 2012 data shows

The number of distributed denial of service (DDoS) attacks monitored at over 20Gbps so far this year is more than three times greater than for the whole of 2012, says Arbor Networks.

Despite the business risks of DDoS attacks, a survey by communications firm Neustar, published in July, found that 20% of UK respondents admitted that their companies have no DDoS protection in place.

The Neustar report also revealed that more than one-fifth of UK firms experienced a disruptive DDoS attack in 2012.

DDoS continues to be a global threat, with alarming increases in attack size this year, according to Arbor Networks’ report on DDoS attack trends for the first three quarters of the year.

The data is from the firm’s Active Threat Level Analysis System (Atlas), which is a collaborative effort with more than 275 service providers who have agreed to share anonymous traffic and attack data.

According to the latest report, 54% of DDoS attacks so far this year are over 1Gbps, up from 33% in 2012, and 37% of attacks are in the 2 to 10 Gbps range, up from 15% last year.

The data shows that there has been a 44% growth in proportion of attacks over 10Gbps, which now make up 4% of all DDoS attacks.

But the biggest growth has been in attacks monitored over 20Gbps, which are up 350% in the first nine months of the year, compared with the whole of 2012.

For 2013 an average DDoS attack now stands at 2.64Gbps, up 78% from 2012, with the largest monitored and verified attack size stands at 191Gbps.

The data shows that 87% of all attacks monitored so far this year last less than one hour.

“This year we’ve seen very rapid growth in the average size of attacks, and for the past three months it has been consistently in the 3 to 3.5Gbps range,” said Darren Anstee, systems architect team manager at Arbor Networks.

“While we didn’t witness a Spamhaus-sized 300Gbps attack this quarter, the largest attack size we did see in Atlas was still pretty remarkable at 191Gbps, an attack that took place in August 2013 – significantly above the approximate 100Gbps ceiling that we had seen prior to this year,” he wrote in a blog post.

Anstee is among the industry representatives to take part in the first international DDoS awareness event on 23 October 2013 to be hosted by Neustar.

The online event will bring together law enforcement, security industry and government experts to discuss and share information about DDoS attacks. The event is free to anyone who registers.

Read more on Hackers and cybercrime prevention