Prolexic Quarterly Ddos Attack Report Q1 2013

Transcript

Overview of Prolexic Quarterly DDoS Attack Report Q1 2013 www.prolexic.com Prolexic Quarterly DDoS Attack Report: Q1 2013 • What happened in Q1 2013? – The most formidable distributed denial of service (DDoS) attacks to date – More than 10 percent of attacks exceeded 60 Gigabits per second (Gbps) – The headline-making Spamhaus.org attack 2 May 2013 www.prolexic.com Average Bandwidth of DDoS Attacks in Q1 2013 • Volumetric bandwidth averaged an attentiongrabbing 48.25 Gbps 3 www.prolexic.com Emerging DDoS Attack Trends: Q1 2013 • Important trends? – Targeting Internet Service Providers (ISPs) and Carrier router infrastructures – High average packets-per-second (PPS) • Greater average than most DDoS mitigation equipment capacity. • Even routers carrying traffic to the mitigation equipment would be strained at this level – See full report for details on PPS trends 4 www.prolexic.com Analysis of Attack Types: Q1 2013 • Attackers focused on infrastructure attacks • Favored application attacks were: – SYN – GET – UDP – ICMP • Download the full report for percentages and graphs by attack type, including attack volume and trends 5 www.prolexic.com DDoS Attack Frequency in Q1: 2013 vs 2012 • Prolexic mitigated more DDoS attacks than ever in Q1 2013 • The month of March accounted for nearly half of all Q1 attacks (44 percent) 6 www.prolexic.com Top Ten Source Countries: DDoS Attacks in Q1 2013 7 www.prolexic.com DDoS Attack Case Study: An Enterprise (Q1 2013) • Case 1: Enterprise Organization – Attack traffic peaked at a massive 130 Gbps – Multiple botnets with thousands of compromised servers – Primarily SYN, UDP and DNS floods – Modifications to attack scripts executed on the fly, requiring expertise and responsiveness to block them – Successfully mitigated by Prolexic. – Get full report for specific attack vectors and traffic distribution and other details 8 www.prolexic.com DDoS Attack Case Study: DNS Reflection (Q1 2013) • Case 1: DNS Reflection attack against Prolexic – New extensions such as SNSSEC are being used as attack vectors – Attack directed at ns1.prolexic.com on Jan 23, 2013 – Malicious actor used DNS amplification techniques • 64 byte request generated a response exceeding 3,000 bytes and averaged 1,200 bytes • 18x amplification – Successfully mitigated by Prolexic – View full report for specific attack metrics, traffic distribution, heat map of participating countries, and more 9 www.prolexic.com Prolexic Q1 2013 Global Attack Report • Download the Q1 2013 Global Attack Report for: – – – – – Average and trends in attack duration and bandwidth Total number and trends of attacks by type In-depth case studies Year-over-year and quarter-over-quarter comparisons A look forward at emerging DDoS trends • About Prolexic – Prolexic Technologies is the world’s largest and most trusted distributor of DDoS protection and mitigation services. – Prolexic Security and Engineering Response Team (PLXsert) monitors the global malicious cyber threats and actively analyzes DDoS attacks using proprietary techniques and equipment. 10 www.prolexic.com