DDoS Report Q1 2016 for Germany, Austria, Switzerland

  • Fabian Sinner
  • May 24, 2016

Table of content

    DDoS Report Q1 2016 for Germany, Austria, Switzerland

    In the first quarter of 2016, the number of DDoS attacks grew by nearly 30% over the previous quarter. Someone in German-speaking Europe falls victim to a DDoS attack every 2 minutes, as seen in the current Link11 DDoS Report for Q1 2016. Link11, one of the leading DDoS protection providers in Germany, has published its second DDoS report for the three German-speaking countries (Germany, Austria and Switzerland)

    There had previously been inadequate statistics for the three countries, although DDoS attacks are one of the most common security incidents. The Link11 DDoS report is based on the analysis of approx. 7,000 DDoS attacks on targets in German-speaking Europe from January to March 2016. It summarizes the current trends in DDoS attacks with attack bandwidths, attack vectors, and source countries. An analysis of extortion attempts associated with DDoS attacks in the first three months of 2016 and a case study of DDoS attacks against cinema operators in Germany add further details to the report.

    The most important facts for Germany, Austria, and Switzerland:

    • In the first quarter of 2016, the number of DDoS attacks grew by 29.6% over the previous quarter.
    • Every 2 minutes, someone in German-speaking Europe falls victim to a DDoS attack.
    • LSOC recorded 29 of these attacks as using peak bandwidths of over 80 gigabytes per second (Gbps), placing them in the hyper-attack category.
    • The biggest attack measured by LSOC suffered in Q1 2016 was over 147 Gbps.
    • The largest packet filtering rate measured was 47 million packets per second (pps).
    • The proportion of volume attacks has continued to increase compared to the previous quarter, now making up 98.1% of all attacks.
    • DDoS attackers most commonly use UDP floods (29.2%), TCP SYN floods (18.7%), and UPD fragments (17.2%).
    • Three out of 5 volume attacks are multi-vector attacks. The combination of three vectors (36.3%) is most common.
    • In one attack, LSOC even detected the use of eight and nine vectors.

    Increase in DDoS-related extortion in Q1 2016

    LSOC has observed further growth in the number of new groups attempting extortion by DDoS. In addition to the already well-known Armada Collective, new perpetrators such as Gladius and RedDoor have in some cases been extremely aggressive against companies in Germany, Austria, and Switzerland.

    Movie theaters targets of DDoS attacks

    Major cinema chains in Germany were targeted for DDoS attacks in early March. The attackers shut down the web servers of the various cinema operators in a staggered pattern. In some cases, they were down for several hours. Not only were their webpages affected, but also the ability to reserve and purchase movie tickets online was blocked.

    Information on the Link11 DDoS Report

    Each quarter, these DDoS reports for German-speaking Europe provide detailed insights into DDoS attacks and attempts at extortion through DDoS. The report focuses on the evaluation of various characteristics of these attacks and compares them to key figures from the previous quarter. The Link11 DDoS reports provide decision makers and IT managers an overview of the current threat situation. Meaningful statistics and in-depth analysis can help them better assess their own DDoS risk and put the necessary safeguards into place.

    The Link11 DDoS report for German-speaking Europe is available in the download section of the Link11 website.

    Bot Traffic: What You Need to Know
    Link11 joins European anti-botnet initiative ACDC