DDoS severity surges as Australia pounded harder than rest of APAC
- 23 July, 2015 11:51
Australian targets are being hit by far more distributed denial of service (DDoS) attacks of more than 1Gbps than other regional countries and the average severity of attacks jumped by 46 percent in the second quarter of this year, according to new figures from Arbor Networks.
The company's latest quarterly analysis of data from its Active Threat Level Analysis System (ATLAS) found that the average DDoS against Australian targets rose to 1.83Gbps and 501.78Kpps (thousand packets per second) in the latest quarter, surging from 1.25Gbps and 345.94Kpps observed in the first quarter of this year.
Fully 28 percent of attacks in Australia registered over 2Gbps – compared with just 21 percent of all attacks topping 1Gbps globally. That was well ahead of the rest of the APAC region – which saw average attack traffic nearly double over the previous quarter, to 800Mbps and 264.71Kpps.
Although a 144.91Gbps attack targeted at China was the largest individual DDoS in the region over the quarter, 45 percent of Australian attacks were greater than 1Gbps, compared with 17 percent across the APAC region. Australia's peak DDoS weighed in at 136.91Gbps, compared with just 74.12Gbps in the previous quarter.
“Extremely large attacks grab the headlines, but it is the increasing size of the average DDoS attack that is causing headaches for enterprise around the world,” Arbor Networks chief security technologist Darren Anstee said in a statement.
“Companies need to clearly define their business risk when it comes to DDoS. With average attacks capable of congesting the Internet connectivity of many businesses, it is essential that the risks and costs of an attack are understood, and appropriate plans, services and solutions put in place. ”
Simple Service Discovery Protocol (SSDP), which has recently emerged from obscurity to become a favoured protocol for instigators of 'reflection' DDoS attacks, was used in 48 percent of reflection attacks against Australian targets.
While UDP Port 80 remained the most frequently-targeted port – used in 50 percent of attacks globally and 61 percent of APAC attacks – it was only targeted in 27 percent of attacks in Australia, where attackers took a more scatter-shot approach by targeting a broader range of ports in Australia than in APAC.
Australian attacks were shorter on average than those in APAC, with the average duration of 23 minutes 46 seconds well off the average 39 minutes 53 seconds observed for all APAC attacks.
ATLAS constantly samples Internet traffic, developing usage profiles of what the company claims is more than 25 percent of all Internet traffic. Data from more than 330 customers is collated in the system and used to profile online activity – which, among other uses, is presented through a Digital Attack Map co-developed with Google.
This article is brought to you by Enex TestLab, content directors for CSO Australia.