October 21st 2016.

 

Remember that date?

 

That was the single most prominent day of them all: the day the Mirai botnet DDoS attack took down most, if not nearly all, of the biggest websites on the internet.

 

GitHub, Twitter, Reddit, Netflix, Airbnb, Spotify, PayPal.

 

Whatever site you and I were on that day was surely down, because some asshole(s) wanted to screw us all.

 

The question is…

 

Can it get any worse?

 

 

DDoS attacks are less common, but they’re getting bigger

 

 

 

 

Verisign, an information security company, recently published its Distributed Denial of Service Trends Report for Q1 2017.

 

 

The report covers the changes in the frequency, size and type of DDoS attacks that the company has closely observed over the first few months of this year.

 

 

 

 

The good news and the bad news

 

The good news is that the number of DDoS attacks has dropped by 23 percent compared to the previous quarter.

 

That’s great!

 

But there’s the bad news…

 

The average peak attack size has increased by 26 percent, which makes them way more powerful at taking down websites and critical online infrastructure.

 

 

 

Going all out

 

The report also talks about how these attacks are getting more sophisticated in nature, and how attackers use several different modes of attack to take down a website.

 


According to the report, even though 43 percent just use one mode of attack, almost 25 percent use two, and 6 percent use five.

 

This makes an attack much more difficult to mitigate, and there’s a greater likelihood of it having a catastrophic effect.

 

 

 

 

The largest one there is

 

Verisign’s report also touches upon the largest DDoS attack observed by the company in Q1.

 

The largest attack observed was a multi-vector attack that topped out at 120 Gbps, with a throughput of 90 Mpps.

 

As per the report:

“This attack sent a flood of traffic to the targeted network in excess of 60 Gbps for more than 15 hours. The attackers were very persistent in their attempts to disrupt the victim’s network by sending attack traffic on a daily basis for over two weeks. The attack consisted primarily of TCP SYN and TCP RST floods of varying packet sizes and employed one of the signatures associated with the Mirai IoT botnet. The event also included UDP floods and IP fragments which increased the volume of the attack.”

 

In short, the attackers were using several different types of attack.

 

But the most interesting part is that they were able to sustain these attacks over long periods of time, which goes to show that these attackers had plenty of resources to create or rent a botnet of that size and to keep the attacks going for over two weeks.

 

It also comes as no surprise that these DDoS attacks have increased in potency. They’ve been getting bigger and bigger as these guys want to rope vulnerable IoT devices into their botnets. Such was the case with the Mirai botnet attack, which took down Dyn last year and, with it, much of an Internet that had millions of vulnerable IoT products.

 

 

 

 

What does the future hold for you?

 

The main thing you can take away from Verisign’s report is that DDoS attacks are getting increasingly well executed, for lack of a better word.

 

Face it, it’s not 2005 anymore.

 

You and I both have moved past the halcyon days of teenagers taking down websites on the internet with copies of LOIC they’d downloaded off Rapidshare.

 

Now, it’s waaay more powerful, and more commoditized. And the people behind these attacks aren’t doing it for shits and giggles. They mean business.

 

After all, Mirai (未来) does mean “The Future” in Japanese, and it won’t be long before you and I fall victim to such a DDoS attack in the not-so-distant future.

 

 

 

Illustration by Tim Peacock