DrDoS attacks of more than 800 Gbps predicted by 2015
According to a new report by security company Black Lotus the average size of a DDoS attack in the first quarter of this year was 2.7 gigabits per second (Gbps).
But the company is warning that a new type of DrDoS (distributed reflected denial of service) attack will see the threat of 800 Gbps or more attacks in the next year to year and a half.
Reflected attacks send out requests to large numbers of machines using the address of the victim as the source, so that the target is flooded by replies. It's a bit like the spoofing of reply addresses in spam emails but on a larger scale.
The threat report, covering DDoS attack data between January 1 and March 31, 2014, shows that service providers have been heavily impacted by security threats, including SQL injection attacks, NTP DrDoS attacks, and most recently the Heartbleed bug. All of these threats have had a profound effect on the ability of service providers to operate safely and protect their customers.
Attackers have been using DrDoS methods to bypass the DDoS defenses of well-prepared companies by targeting upstream carriers. In January 2014, Black Lotus recorded several incidents in which tier 1 carriers in multiple US regions were saturated due to DrDoS attacks, resulting in packet loss rates as high as 35 percent even to customers that weren't themselves targeted by the attacks.
The biggest DDoS attack observed in the quarter was 421 Gbps and 122 million packets of data per second (Mpps). Some 19.5 percent of attacks observed were categorized as severe. More than 50 percent of those targeted individual applications, most commonly HTTP servers and domain name services.
"Historically, service providers have been able to operate without providing substantial security services to customers. That’s no longer viable, as threats proliferate and attackers find new ways to amplify the volume of their efforts," says Jeffrey Lyon, founder of Black Lotus. "To protect themselves and their customers, service providers must now also become security providers by offering integrated hosting and security services such as DDoS mitigation, intrusion defense, and incident response and remediation".
The full report is available to download from the Black Lotus website.