Here's the good news: The duration of distributed denial of service (DDoS) attacks is shrinking, according to a report by security vendor Arbor Networks analyzing recent DDoS attacks.
Now for the bad news: The attacks appear to be getting larger. By the end of 2014, 16% of DDoS attacks were over 1 Gbps. That increased to 18% in the first quarter of 2015 and then to 21% in the second quarter. Most of the growth occurred in attacks ranging from 2 to 10 Gbps, according to Arbor.
The percentage of recent DDoS attacks over 10 Gbps is still low, accounting for 1.4% of attacks in the second quarter of 2015, up from 0.9% the previous quarter.
The number of reflection amplification attacks -- which magnify the volume of a DDoS attack and hide its origin -- exploiting Simple Service Discovery Protocol (SSDP) subsided over that period, dropping from 126,000 attacks in the first quarter to 84,000 the following one. SSDP is one of several protocols, along with Network Time Protocol (NTP) and DNS, used by cybercriminals to generate the high volumes of traffic seen in many of the largest, headline-grabbing recent DDoS attacks. NTP-based attacks were among the largest attacks recorded in the second quarter, clocking in at an average of 2.75 Gbps and a peak of 185.94 Gbps, according to Arbor.
Experts say enterprises can minimize their risk by disabling SSDP if it's not in use and by securing DNS resolvers that might be misconfigured or unmonitored.