TMCnet News

Black Lotus Threat Report Reveals Vietnam, India, Indonesia will Grow Mobile DDoS Attacks in 2015
[November 18, 2014]

Black Lotus Threat Report Reveals Vietnam, India, Indonesia will Grow Mobile DDoS Attacks in 2015


SAN FRANCISCO --(Business Wire)--

The newest up-and-coming countries of origin for distributed denial of service (DDoS) attacks will be Vietnam, India and Indonesia in 2015. While these countries don't have the necessary bandwidth to launch massive DDoS attacks, the volume of compromised end point devices, such as mobile phones, make them prime sources of new botnets. China topped the list of leading sources of DDoS attacks in Q3 2014, followed by the United States and Russia. These findings were issued today via Black Lotus' Q3 2014 Threat Report. Black Lotus, a leader in availability security and provider of DDoS protection, compiles its quarterly Threat Reports by drawing on the latest attack data from its network logs and analyzing the results for trends in attack size, duration, method, source and other characteristics.

The Black Lotus Q3 2014 Threat Report, which covers DDoS attack data between July 1 and September 29, 2014, shows that Black Lotus customers experienced a 96 percent decrease in bit volume attacks compared to the rest of 2014. These changes can be attributed to attackers resorting to more complex attacks, such as SYN floods and application layer attacks, instead of amplification attacks. The Black Lotus mitigation team expects attackers will continue to resort to non-amplification attacks when there are not enough vulnerable systems available to exploit for reflection methods, and they anticipate a rise in mobile DDoS attacks as emerging countriesincrease smartphone subscriber usage. Therefore, IT managers and security teams will need to adjust strategies to handle targeted, multi-vector attacks to thwart outages rather than volumetric methods, while preparing against growing packet volume that may saturate their existing DDoS safeguards.



The report findings also show that:

  • The largest bit volume DDoS attack observed during the report period was 15.2 Gbps on September 3, a marked decline in volume since the beginning of 2014, due to NTP and other types of amplification attacks becoming more difficult to execute without sufficient NTP vulnerabilities. Rather than using volumetric attacks to overwhelm servers, organizations should be wary of cyberattackers targeting crucial ports to thwart legitimate traffic from reaching online destinations.
  • 73 percent of the 201,721 attacks observed during Q3 2014 were regarded as severe, nearly half of which were SYN flood attacks and 15 percent targeted Web servers (HTTP) and domain name services (DNS), which result in site outages and are extremely difficult to mitigate without professional assistance.
  • The average attack during the period reported was 3.2 Gbps, a sustained increase in bit volume, and 1.0 million packets per second (Mpps), a continued decrease in packet volume since last quarter. This indicated a change of attack methods from large volumetric network-based attacks to complex attacks using multiple vectors, with both application layer attacks and SYN flood attacks blended together, meaning security practitioners will need to leverage intelligent DDoS mitigation rather than budgeting extra network bandwidth.

"DDoS attacks continue to fall in size and frequency in 2014, making them easier to handle for tier one carrier networks with excess capacity, but still tricky to manage for organizations with less bandwidth," said Shawn Marck, co-founder and chief security officer of Black Lotus. "The widespread education of ways to thwart NTP caused attackers to resort to tried and true blends of SYN flood and application layer attacks, which are very difficult to mitigate using conventional network hardware as these types target the same port needed to serve legitimate users."


Download the full Black Lotus Q3 2014 Threat Report for more details.

About Black Lotus Communications

Black Lotus Communications is a security innovator that pioneered the first commercially viable DDoS mitigation solutions. These advanced solutions enhance the security posture of small and medium businesses and enterprise clients while reducing capital expenditures, managing risk, ensuring compliance, and improving earnings and retention. Breakthrough developments at Black Lotus include the world's first DDoS-protected hosting network, the first IPv6 DDoS mitigation environment, and the first highly effective Layer 7 attack mitigation strategy. For more information, visit www.blacklotus.net or follow Black Lotus on Twitter (News - Alert) at https://twitter.com/ddosprotection.


[ Back To TMCnet.com's Homepage ]