NSFOCUS Reveals, ISPs, Enterprise and Online Gaming Sectors High on the Target List While the Majority of DDoS Attacks are Short in Duration and Repeated Frequently

SINGAPORE, Sept. 25, 2014 /PRNewswire/ — The NSFOCUS 2014 Mid-Year Threat Report, released today, reveals a continuing trend of distributed denial-of-service (DDoS) attacks that are short in duration and repeated frequently. In parallel, high-volume and high-rate DDoS attacks were on the upswing in the first half of 2014. To review the entire report, visit here.

Key Findings
Results of statistical analysis and key observations are based on data from actual incidents of DDoS attacks that occurred during the first half of 2014.  Data was collected from a mix of global enterprises, Internet service providers, regional telecom operators, and Internet hosting companies. Comparisons are based on 1H2014 as compared to 2H2013.

  • Attacks continue to be short in duration with repeated frequency: More than 90 percent of attacks detected lasted less than 30 minutes. This ongoing trend indicates that latency-sensitive websites, such as online gaming, eCommerce and hosting service should be prepared to implement security solutions that support rapid response.
  • High-rate, high-volume attacks increased: DDoS traffic volume was up overall with a third peaking at over 500Mbps and more than five percent reaching up to 4Gbps. In addition, findings showed that over 50% DDoS attacks were above 0.2Mpps in the first half of 2014, increasing from around 16%. And over 2% of DDoS attacks were launched at a rate of over 3.2Mpps.
  • Top three DDoS attack methods revealed: HTTP Flood, DNS Flood and TCP Flood were the top three attack types, together making up 84.6 percent of all attacks. DNS Flood attacks held their place as the most popular attack method, accounting for 42 percent of all attacks. While the number of DNS and HTTP Flood attacks decreased, TCP Flood attacks grew substantially.
  • Increase in ISPs, enterprises and online gaming targets: Attacks targeting ISPs increased by 87.2 percent, enterprises by 100.5 percent and online gaming by 60 percent.
  • Longest, largest and highest-frequency attacks: The longest single attack lasted nine days and 11 hours, or 228 hours, while the single largest attack in terms of packet-per-second (pps) hit at a volume of 23 million pps. More than 42 percent of attack victims were targeted multiple times while one in every 40 victims was repeatedly hit more than 10 times. The highest frequency of attacks experienced by a single victim was 68 separate DDoS attacks.

Terence Chong, Solutions Architect, NSFOCUS, said:

 "NSFOCUS has maintained a continuous review of DDoS attacks over recent years, and we have observed that the trends constantly change as attacks morph and hacker behavior evolves. To stay ahead of these trends, we strongly encourage our customers to take a defensive approach in identifying and mitigating these threats before they happen."

About the Report

The DDoS attacks analyzed in this report were either tracked by the NSFOCUS Threat Response and Research (TRR) team from within the company’s network operation centers (NOCs) or were mitigated by the NSFOCUS Managed Security Service (MSS) team for customers and partners around the world.  Each incident is uniquely identified and categorized.  A thorough and methodical forensic study was conducted on each attack and was either mitigated directly by NSFOCUS or was captured and submitted by our customers and technology partners.  All data in this report was sourced from NSFOCUS products, NSFOCUS network monitoring and global partners. The data has been anonymized without any leak in intermediate links.


NSFOCUS is a global provider of distributed denial of service (DDoS) mitigation solutions. Founded in 2000, the company provides enterprise-level, carrier-grade solutions for DDoS mitigation, Web security and enterprise-level network security. With more than a decade of experience in DDoS research and development and mitigation, NSFOCUS has helped customers around the world maintain high levels of Internet security, website uptime and business operations to ensure that their online systems remain available. The NSFOCUS Anti-DDoS System (ADS) empowers customers to find and fend off a variety of incidents, from simple network layer attacks to more sophisticated and potentially damaging application-layer attacks, all while guaranteeing legitimate traffic gets through to networks and corporate-critical systems. For more information, visit www.nsfocus.com.