The trend for DDoS attacks to target media, entertainment and online gaming services shows no sign of abating with these sectors now accounting for more than half of all incidents, according the latest figures from Verisign’s protection services wing.

The firm’s Q3 numbers show that 55 percent of DDoS attacks picked on media and entertainment, beating IT services and SaaS into second place on 28 percent, e-commerce third on 10 percent and finance fourth on 7 percent.

DDoS Verisign

In the first quarter of 2014 the figure was 35 percent, which rose to 43 percent in Q2 which means that something has been driving media and gaming's popularity as a target throughout the year.

One could infer from the falling targeting of finance that the cause is simply an attraction to the industries least likely to have DDoS off-premises mitigation in place, although of course Verisign takes these numbers from its own customer base that does. The other explanation is the rise of online gaming and those who fancy attacking it.

"Entertainment in this sense really refers to online gaming, which has been hit hard by DDoS attacks this year from a variety of actors, including gamers themselves who try to disrupt services for a variety of reasons," Verisign chief security officer Danny McPherson told Techworld.

By coincidence the largest attack Verisign has ever recorded was last summer’s 300Gbps assault on a media firm’s datacentre. Thankfully, the size of attacks has decreased from this level in Q2, with e-commerce seeing most of the large ones at a peak attack size of 90Gbps.

As with Arbor Networks last month, Verisign noticed the appearance of DDoS attacks attempting to harness the Simple Service Discovery Protocol (SSDP) for amplification traffic.

“Though the amplification it generates is smaller than that possible with DNS or NTP reflection attacks, SSDP attacks still have the capability to overwhelm organizations that are using traditional security appliances to protect their assets,” noted VeriSign.

The Shellshock flaw was also exploited to deploy the ELF Linux malware, an established DDoS botnet that jumped on the issue in an opportunistic way.

Last month, Akamai reported that the number of very large DDoS attacks has been growing in 2014 on the back of vulnerabilities like thia and the exploitation servers running vulnerable protocols.