Distributed denial-of-service (DDOS) attacks in the Europe, Middle East and Africa (EMEA) region witnessed an uptick in the last quarter and are set to intensify in 2017.
This is according to a report issued by F5 Networks, which revealed data from its Security Operations Centre (SOC), highlighting the growing scale and intensity of cyber attacks in the region.
DDOS attacks have been around since at least 2000. In such an attack, many compromised machines flood a target with requests for information. The target can’t handle the onslaught of requests, so it crashes.
Consultancy firm Deloitte also expects cyber attacks to enter the terabit era in 2017, with DDOS attacks becoming larger in scale, harder to mitigate and more frequent.
F5 Networks points out that in 2016 to date, it has handled and mitigated 8 536 DDOS instances.
The company notes that one of the attacks featured among the largest globally – a 448Gbps user datagram protocol (UDP) and Internet control message protocol (ICMP) fragmentation flood using over 100 000 IP addresses emanating from multiple regions.
It explains the incident highlights a growing trend for global co-ordination to achieve maximum impact, with IP attack traffic stemming largely from Vietnam (28%), Russia (22%), China (21%), Brazil (15%) and the US (14%).
“The EMEA Security Operations Centre has been experiencing rapid growth since launching in September last year, and it is entirely driven by the explosion of attacks across the region, as well as businesses realising they need to prepare for the worst,” says Martin Walshaw, senior engineer at F5 Networks.
In Q1 (October – December), the SOC experienced a 100% increase in DDOS customers, compared to the same period last year.
F5 Networks says UDP fragmentations were the most commonly observed type of DDOS attack in Q1 (23% of total), followed by domain name system reflections, UDP floods (both 15%), SYN floods (13%) and NTP reflections (8%).
“Given the rise and variety of new DDOS techniques, it is often unclear if a business is being targeted,” Walshaw says. “This is why it is more important than ever to ensure traffic is being constantly monitored for irregularities and that organisations have the measures in place to react rapidly.
“The best way forward is to deploy a multi-layered DDOS strategy that can defend applications, data and networks. This allows detection of attacks and automatic action, shifting scrubbing duties from on-premises to cloud and back when business disruption from local or external sources is imminent at both the application and network layer.”