graphic courtesy of Arbor Networks
The Internet has never been a more dangerous place to do business, and Distributed Denial of Service (DDoS) attacks are the main reason why. That’s according to recent research published by two players in the online security space, Arbor Networks and VeriSign.
Arbor Networks calls the past 18 months the “hockey stick era” for DDoS attacks. As you can see in the graphic above, the typical size of DDoS attacks is up astronomically since the end of 2012. In particular, the report looks at a sharp increase of amplified DDoS attacks using Network Time Protocol (NTP) as the attack vector.
Amplified attacks take advantage of User Datagram Protocol (UDP) based services that can be made to produce large sized replies to small queries. These queries have a spoofed address, sending floods of traffic to the intended victim. Companies can be targets of these types of attacks, and they can unwittingly contribute to them.
VeriSign is the long-time registry of the dominant .com top level domain (and .net) and also has a security division focused on DDoS mitigation. Their report veers closer to marketing collateral than Arbor, but includes some interesting data. It also bring me back — when I worked at VeriSign in the early aughts, we launched a quarterly report on global domain name registrations that has continued (with a hiatus in 2013) to be a great source of information to this day.
VeriSign’s report echoed Arbor on the increased average size of attacks and the popularity of exploiting NTP. Using their customer base as a proxy for the market, they also reported a 30 percent increase in attacks aimed at the application layer in Q1 2014, and a general broadening of industries being attacked. DDoS has grown well beyond financial targets:
graphic courtesy of VeriSign
It’s good to see these companies highlighting a serious threat with their research. Thought leadership content like this educates potential prospects and supports the business goals of the issuing company. Done well, it’s a win-win for both and in this particular case could help make the Internet a safer place.
Interesting. Can’t believe how much the attacks have increased. I recall when 80 and then 100 Gbps thresholds were reached and how problematic those were.
The troubling part of the chart is that only 9% of mitigations are in the commerce and online advertising vertical. With online advertising growing rapidly–for example, in 2014 eMarketer predicts that RTB advertising in the US will be $4.86 Billion–this is a target ripe for attack.
The scary thing is that for DDoS to work in RTB, it doesn’t have to do very much, unlike for some other sectors.
Just adding a few milliseconds to a bid getting to a DSP will do the trick. Prices and advertising models for the RTB platforms can be hurt immediately and publisher eCPM can be dragged down quickly, as fewer bids get through.
Additionally, DDoS targeted at DSPs and other AdTech firms has a lot of potential targets. Everybody from the publisher to the data supplier to the DSP to the exchanges to the ad networks can be held up for ransom. I think the targets are relatively soft–because of their reliance on split-second timing–and because many of the players in the LUMAscape don’t have the kind of hardened systems they need.