That prediction is according to a new threat report by Black Lotus, which covers DDoS attack data between January 1 and March 31, 2014. It shows that service providers have been heavily impacted by security threats, including SQL injection attacks, NTP DrDoS attacks, and most recently Heartbleed. All of these threats have had profound effects on the ability of service providers to safely operate and protect their customers.
During the first quarter of 2014, novice attackers used DrDoS methods to bypass the DDoS defenses of well-prepared companies by targeting upstream carriers directly.
In January 2014, Black Lotus recorded several incidents in which tier 1 carriers in multiple U.S. regions were saturated due to DrDoS attacks, resulting in packet loss as high as 35 percent to customers that were not even targeted by the attacks. By February, the same carriers were better prepared for attacks that exceeded 400 Gbps, and they were able to stabilize their networks with minimal interruption to downstream customers.
Greater awareness of NTP DrDoS is critical, but service providers will have to add protections as attackers grow more sophisticated and attacks become more severe.
The report findings also show that:
- The largest DDoS attack observed during the report period was on February 10. It was 421 Gbps and 122 millions of packets per second (Mpps).
- Of the 463,621 observed attacks, Black Lotus regarded 90,313 (19.5 percent) of them as severe, characterized by an extreme traffic levels compared to the target’s typical traffic baseline.
- The average attack during the period reported was 2.7 Gbps and 1.8 Mpps.
- During the reporting period, 50.3 percent of severe attacks targeted individual applications, most commonly HTTP servers and DNS. Attacks on either application can result in site outages and are difficult to mitigate without professional assistance.
“Historically, service providers have been able to operate without providing substantial security services to customers. That’s no longer viable, as threats proliferate and attackers find new ways to amplify the volume of their efforts,” said Jeffrey Lyon, founder of Black Lotus. “To protect themselves and their customers, service providers must now also become security providers by offering integrated hosting and security services such as DDoS mitigation, intrusion defense, incident response and remediation.”