polygraphus - Fotolia
Although the largest attack monitored in the second quarter of 2015 was a 196 Gigabit per (Gbps) second user datagram protocol (UDP) Flood, Arbor says the growth in the average attack size is of most concern to enterprise networks.
According to the latest data from Arbor's active threat level analysis system (Atlas), 21% of attacks in the quarter topped 1Gbps, while the most growth was seen in the 2Gbps to 10Gbps range.
Atlas is a collaborative partnership with more than 330 service provider customers who share anonymous traffic data with Arbor.
The data also shows a significant spike in the number of attacks in the 50Gbps to 100Gbps range in June 2015, which were mainly SYN floods targeting destinations in the US and Canada.
"Extremely large attacks grab the headlines, but it is the increasing size of the average DDoS attack that is causing headaches for enterprise around the world," said Arbor Networks chief security technologist Darren Anstee.
"Companies need to clearly define their business risk when it comes to DDoS. With average attacks capable of congesting the internet connectivity of many businesses, it is essential that the risks and costs of an attack are understood and appropriate plans, services and solutions put in place," said Anstee.
Sizes of attacks on the rise
Arbor's data shows that reflection amplification DDoS attacks using the simple service discovery protocol (SSDP) appear to be abating compared with the first quarter of 2015, in which 126,000 were recorded, but they are still at the same level as the last quarter of 2014 of around 84,000.
Reflection amplification is a technique that allows an attacker to magnify the amount of traffic they can generate and obfuscate the original sources of that attack traffic.
This technique relies on the fact that many internet service providers still do not implement filters at the edge of their network to block traffic with a "forged" (spoofed) source IP address, and the fact that there are plenty of poorly configured and poorly protected devices on the internet providing UDP services that offer an amplification factor between a query sent to them and the response which is generated.
Read more about DDoS attacks
- Complacency about distributed denial of service (DDoS) attacks is putting businesses at risk, a survey has revealed.
- DDoS attacks could expose 40% of businesses to losses of£100,000 or more an hour at peak times.
- All indications show DDoS attacks are increasing in variety, number and size.
- Cyber threats evolve at the same pace as technology, and denial-of-service attacks are no different.
- Employ a mix of internal and cloud-based DDoS mitigation controls to minimise business disruptions from these increasingly complex attacks.
The majority of very large volumetric attacks use a reflection amplification technique exploiting the SSDP, the network time protocol (NTP) and DNS servers, with a large number of significant attacks detected worldwide.
The data shows that the average sizes for DNS, NTP and SSDP reflection amplification attacks increased in the second quarter of 2015, with an average duration of 20 minutes.
The survey found that businesses are turning their attention to application data breaches, network attacks and malware, despite 60% of respondents saying they are worried about DDoS attacks and 39% admitting it is likely their organisation has already been targeted.
Almost 40% of the organisations questioned said they are using a firewall to protect against DDoS attacks, with web application firewalls preferred by 26% of respondents. However, investment in specific DDoS protection scored much lower.