One of the largest DDoS (distributed denial of service) attacks in the world was a 448Gbps UDP/ICMP fragmentation flood using more than 100 000 IP addresses from multiple regions.
The incident, which was tracked by F5 Networks’ security operations centre (SOC), highlights a growing trend for global coordination to achieve maximum impact, with IP attack traffic stemming largely from Vietnam (28%), Russia (22%), China (21%), Brazil (15%) and the USA (14%).
“The EMEA Security Operations Center has been experiencing rapid growth since launching in September last year, and it is entirely driven by the explosion of attacks across the region, as well as businesses realizing they need to prepare for the worst,” said Martin Walshaw, senior engineer at F5 Networks.
During the first quarter (October – December), the SOC experienced a 100% increase in DDoS customers, compared to the same period last year. Web Application Firewall (WAF) customers were up 136%, and anti-fraud rose by 88%.
User Datagram Protocol (UDP) fragmentations were the most commonly observed type of DDoS attack in Q1 (23% of total), followed by DNS Reflections, UDP Floods (both 15%), SYN Floods (13%) and NTP Reflections (8%).
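As an added example (not F5's code or data), the heuristic below sorts constructed flow records into the attack categories named above and reports each one's share of the traffic mix, which is the kind of breakdown a SOC would build from collector output; the port-based reflection check and the `fragmented` flag are assumptions about what a flow collector exposes.

```python
"""Classify constructed flow records into the DDoS categories the report names
(UDP fragmentation, DNS/NTP reflection, UDP flood, SYN flood) and rank them by
share of traffic. Example code added to this article, not F5's own tooling."""
from collections import Counter
from dataclasses import dataclass

@dataclass
class Flow:
    proto: str        # "udp", "tcp" or "icmp"
    src_port: int
    dst_port: int
    fragmented: bool  # assumed collector field: MF flag set or non-zero offset
    tcp_flags: str    # "S" = SYN only, "SA" = SYN/ACK, "" for non-TCP
    size: int         # bytes

# UDP services commonly abused as amplifiers: reflected answers arrive from these source ports
REFLECTOR_PORTS = {53: "DNS Reflection", 123: "NTP Reflection"}

def classify(flow: Flow) -> str:
    """Map one flow to a category. Reflection is checked first because a large
    DNS/NTP answer is often fragmented too and should count as reflection."""
    if flow.proto == "udp" and flow.src_port in REFLECTOR_PORTS:
        return REFLECTOR_PORTS[flow.src_port]   # caveat: also matches legitimate answers
    if flow.proto in ("udp", "icmp") and flow.fragmented:
        return "UDP/ICMP Fragmentation"
    if flow.proto == "udp":
        return "UDP Flood"
    if flow.proto == "tcp" and flow.tcp_flags == "S":
        return "SYN Flood"
    return "Other"

def attack_mix(flows, min_flows: int = 2) -> dict:
    """Percent share of each category; categories with fewer than min_flows
    records are dropped so a few stray packets do not show up as an attack."""
    counts = Counter(classify(f) for f in flows)
    total = sum(counts.values())
    return {cat: round(100 * n / total) for cat, n in counts.items() if n >= min_flows}

# Constructed sample: one second of flows toward a protected network (not real traffic).
SAMPLE = (
    [Flow("udp", 40000 + i, 80, True, "", 1480) for i in range(6)]      # fragments
    + [Flow("udp", 53, 33000 + i, False, "", 3000) for i in range(4)]   # DNS reflection
    + [Flow("udp", 41000 + i, 443, False, "", 1000) for i in range(4)]  # UDP flood
    + [Flow("tcp", 42000 + i, 443, False, "S", 60) for i in range(3)]   # SYN flood
    + [Flow("udp", 123, 34000 + i, False, "", 440) for i in range(2)]   # NTP reflection
    + [Flow("tcp", 50000, 443, False, "SA", 1500)]                       # legitimate
)

if __name__ == "__main__":
    print(attack_mix(SAMPLE))
```

The reflection rule alone cannot tell an attack from real DNS answers; in production it would be correlated with outbound queries and a per-destination rate.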
“Given the rise and variety of new DDoS techniques, it is often unclear if a business is being targeted,” Walshaw adds. “This is why it is more important than ever to ensure that traffic is being constantly monitored for irregularities and that organisations have the measures in place to react rapidly.
“The best way forward is to deploy a multi-layered DDoS strategy that can defend applications, data and networks. This allows detection of attacks and automatic action, shifting scrubbing duties from on-premises to cloud and back when business disruption from local or external sources is imminent at both the application and network layer.”