Distributed Denial of Service (DDoS) attacks saw a 17 percent dip in the third quarter of 2017 (July - September), a report drafted by Verisign revealed.
When comparing Q3 2017 to Q2 2017, Verisign saw a 17 percent decrease in the number of attacks and a 70 percent decrease in the peak size of the average attack. However, attackers continue to launch repeated attacks against their targets.
Furthermore, the report stated that 45 percent of customers who experienced DDoS attacks in Q3 2017 were targeted multiple times during the quarter, as such attacks remain unpredictable and vary widely in terms of speed and complexity.
88 percent of DDoS attacks mitigated by Verisign in Q3 2017 employed multiple attack types. Verisign observed attacks targeting networks at multiple layers and attack types that changed over the course of a DDoS event.
Meanwhile, User Datagram Protocol (UDP) flood attacks dominated in Q3 2017, accounting for 56 percent of total attacks in the quarter. The most common UDP floods included Domain Name System (DNS), Network Time Protocol (NTP), Simple Service Discovery Protocol (SSDP), Character Generator Protocol (CHARGEN) and Simple Network Management Protocol (SNMP) reflective amplification attacks.
The largest volumetric DDoS attack observed in Q3 2017 was a multi-vector attack that peaked at approximately 2.5 Gbps and around 1 Mpps for one hour. The attack consisted of a wide range of attack vectors, including TCP SYN and TCP RST floods; DNS, ICMP and CHARGEN amplification attacks; and invalid packets.
Mitigating the different attack vectors effectively required continuous monitoring and changing of countermeasures, the report said.
The highest intensity packet flood in the quarter, consisting of TCP SYN and UDP floods mixed with invalid packets, peaked at approximately 2.3 Mpps and around 1 Gbps. That attack lasted approximately two and a half hours, the report noted.
On a related note, a DDoS attack, in computing, is a cyber-attack where the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the internet.