Sources of Data
NSFOCUS collects data from all of their DDoS Protection Solutions deployed worldwide that are being managed by their managed service offering. The botnets that are used across the world can be tracked by NSFOCUS, and those details are used to formulate many of the attack trends shown in this report. NSFOCUS is able to monitor world-wide DDoS attacks (for example the DDoS attack against Dyn.com in Oct. 2016). Region specific attacks, for example attacks originating and destined within the U.S., are not part of the report metrics shown within this report.
• In Q3, global distributed denial-of-service (DDoS) attacks increased by 40%. In Q3, a total of 71,416 DDoS attacks were detected, up 40% from Q2 (50,988).
• The proportion of low-volume DDoS attacks increased by 10.8% and that of high-volume DDoS attacks decreased by 6.7%. 20–50 Gbps medium-volume DDoS attacks and 50–300 Gbps high-volume DDoS attacks respectively decreased by 4.1% and 6.7% from Q2, but low-volume DDoS attacks (less than 20 Gbps) increased by 10.8%.
• Super high-volume DDoS attacks (over 300 Gbps) occurred 35 times. In Q3, super high-volume DDoS attacks (over 300 Gbps) occurred 35 times, up 119% from Q2 (16 times).
• The average peak traffic of individual DDoS attacks was 19.4 Gbps. In Q3, the average peak traffic of individual DDoS attacks was 19.4 Gbps, which was 16.7 Gbps in Q2.
• The highest peak traffic of individual DDoS attacks reached 572.6 Gbps. In Q3, the highest peak traffic of individual DDoS attacks reached 572.6 Gbps, 126.9 Gbps higher than that in Q2 (445.7 Gbps).
• On average, each IP address was redundantly attacked 1.4 times a month. In Q3, each IP address was redundantly attacked 1.4 times a month on average. In particular, we found a network attacked 30 times, mostly with mixed traffic of UDP flood and NTP request flood attacks that did not last long.
• The average DDoS attack duration was 7.2 hours. In Q3, the average DDoS attack duration was 7.2 hours, slightly decreasing from Q2 (8.1 hours). The most durable DDoS attack lasted 31 days and over 19 hours (764 hours), generating 17 TB of traffic in total.
• The proportion of multi-vector attacks increased by 6.6 percentage points. Multi-vector attacks accounted for 40.3% of the total attack traffic, up 6.6 percentage points from Q2. Attacks consisting of two or three traffic types took up 99.7% of multi-vector attacks. Most frequently, NTP reflection traffic was mixed with UDP traffic.
• The proportion of reflection attacks accounted for 90.5%, up 20.6 percentage points. Reflection attacks accounted for 90.5% of total attacks, sharply up 20.6 percentage points from Q2. NTP reflection attacks increased most significantly.
• The number of global active NTP reflectors increased by 440%. In Q3, the number of active reflectors involved in DDoS attacks reached 25,371 globally, up 440% from Q2.
• The number of Mirai-infected Internet of Things (IoT) devices reached 1.5 million. IoT devices are a new favorite for a hackers’ botnet. By the end of October 2016, the number of Mirai-infected devices had reached 1,508,059. Botnet attacks had been extremely active recently. Port 23 was scanned a maximum of 340,000 times in a day.
Download Full Q3 DDoS Attack Report Here: http://nsfocusglobal.com/resources/
