In 2016, the Warsaw-based SOC, which provides 24/7 DDoS, anti-fraud and Web Application Firewall (WAF) research and mitigation services, handled and mitigated 8,536 DDoS incidents alone.
One of these attacks ranked among the largest seen globally: a 448 Gbps UDP/ICMP fragmentation flood launched from over 100,000 IP addresses in multiple regions.
The incident highlights a growing trend towards global coordination to achieve maximum impact, with the attack traffic originating largely from Vietnam (28%), Russia (22%), China (21%), Brazil (15%) and the USA (14%).
“The EMEA Security Operations Center has been experiencing rapid growth since launching in September last year, and it is entirely driven by the explosion of attacks across the region, as well as businesses realizing they need to prepare for the worst,” said Kamil Wozniak, F5 SOC Manager.
In Q1 (October – December), the SOC saw a 100% increase in DDoS customers compared to the same period last year. WAF customers were up 136%, and anti-fraud customers rose by 88%.
User Datagram Protocol (UDP) fragmentation was the most commonly observed type of DDoS attack in Q1 (23% of the total), followed by DNS reflection and UDP floods (15% each), SYN floods (13%) and NTP reflection (8%).
Gad Elkin, F5 EMEA Security Director, said: “Given the rise and variety of new DDoS techniques, it is often unclear if a business is being targeted. This is why it is more important than ever to ensure that traffic is being constantly monitored for irregularities and that organisations have the measures in place to react rapidly.
“The best way forward is to deploy a multi-layered DDoS strategy that can defend applications, data and networks. This allows detection of attacks and automatic action, shifting scrubbing duties from on-premises to cloud and back when business disruption from local or external sources is imminent at both the application and network layer.”