By Igal Zeifman
DDoS (distributed denial of service) attacks continue to be a significant problem for online businesses. In addition to the threat of financial losses, they can also irrevocably damage critical client relationships.
Today, the wide availability of DoS tools and services that enable execution of DDoS attacks has lowered the bar for perpetrators, creating a reality where every online business is a potential target. If your company has a web presence, the need for reliable mitigation solutions and strategic planning has never been greater.
To help our customers and the online community remain safe from ongoing security issues, we keep a close eye on the ever-evolving world of DDoS attacks. The Imperva Incapsula Q3 2015 Global DDoS Threat Landscape Report covers the specifics of these attack patterns on our networks. At the same time, it provides vital data to help us stay informed and ahead of the latest trends in DDoS attacks.
Our analysis is based on attack data collected from across the Incapsula network from July 1 through August 29 of this year. All told, there were 2,732 network layer and 5,020 application layer attacks during this period, representing a 116 percent increase over Q2.
Key Findings on the State of Cloud Security
Following a close review of the data collected, six key threat patterns were identified for Q3:
1. 100+ Gbps attacks are becoming more frequent. On average, a 100+ Gbps network layer attack was mitigated by Incapsula every other day – with the largest peaking at 260 Gbps. The largest application layer attack peaked at 268,800 requests per second.
2. China is the leading source country for attacks. A total of 37.5 percent of DDoS botnet traffic originates in China, making it the leading source country for attacks in the world. By comparison, South Korea is the second worst offender at 9.44 percent, followed closely by the U.S. with 9.11 percent.
3. U.S. businesses are the most targeted. Websites originating from the U.S. are at the greatest risk of being targeted by DDoS attacks. In fact, they are the targets of 45.8 percent of all DDoS traffic.
4. Multi-vector attacks are more sophisticated. Multi-vector attacks have begun incorporating eight, and even nine, different vectors in a single assault. Shifting between vectors, such as going from a relatively simple SYN flood to a DNS amplification to a reflected attack, is an advanced technique for bypassing security perimeters. The fact that some perpetrators can use up to nine different attack types shows just how flexible and sophisticated DDoS malware has become, and how important it is to be prepared for every attack scenario, no matter how obscure.
5. Single-vector attacks are more common. At the same time, the number of single-vector attacks has also gone up. This indicates that, on the other end of the spectrum, non-professionals are increasing their use of stresser services. More and more often, we see attacks that have been motivated by nothing more than boredom and vandalism. Sadly, this isn’t surprising, given that anyone today can launch a mid-sized DDoS attack using a stresser service for $20 a pop.
6. Short-burst attacks are on the rise. As evidenced by the fact that only four percent of network layer attacks lasted more than three hours during Q3, perpetrators are now opting for short-burst, hit-and-run attacks.
Still, the need to quell prolonged DDoS attacks remains paramount. For example, the longest attack during the third quarter lasted more than 20 days and nearly 15% of all application layer attacks lasted over 12 hours.
For more details on distributed denial of service issues and online security concerns facing website operators, please consult the Q3 2015 Global DDoS Threat Landscape Report. This article is an excerpt of the original published on the Incapsula blog.