2011, the year of the DDoS?

Attacks on LulzSec small-fry compared with hits on Russian bloggers, according to one content delivery network.

There was a 700 per cent increase in the number of DDoS attacks in the second half of 2011, according to content delivery service CloudFlare.

CloudFlare’s CEO, Matthew Prince, speculates the two main motivations for attacks on its clients were extortion and an eclectic set of political reasons.

“Recent attacks we've seen in this category include those aimed at journalists covering human rights abuses in Angola, bloggers writing about alleged election fraud in Russia, escort sites in Turkey, and sites offering surrogate mother services in China,” Prince wrote on the company’s blog.

Earlier this year, CloudFlare’s DDoS protection service was busy fending off attacks against LulzSec, but ‘hacktivists’ and their detractors had nothing on whoever is behind the attacks on Russia’s political bloggers who have written about alleged fraud in the country.

“The attacks we saw directed at LulzSecurity.com were minor compared with some we see now against certain sites,” said Prince.

“The ones launched against Russian bloggers covering the alleged election fraud, for instance, have been massive.”

The other classic targets are e-commerce sites, characterised by Prince as those with over US$1 million in monthly revenue. DDoS attacks on these sites were typically preceded by an extortion letter.

Prince claimed CloudFlare’s figures were not skewed by its service attracting high-risk customers and, although conceding the rise might not be as steep, he insisted attacks were on the rise.

Fellow DDoS protection service Prolexic also reported a 400 per cent year-on-year rise in the number of attacks since the third quarter of 2010.

It too claims the size of attacks is increasing, and claimed to have helped a Chinese client weather a seven-day assault in November that reached, at its peak, 45Gbps of attack traffic. The average size of an attack was about 1.4Gbps.

Arbor Networks, which monitors DDoS activity via its Atlas network, shows there were 675 DDoS attacks in the past 24 hours. The largest three sources were China, South Korea and Great Britain, while those experiencing the highest number of attacks were the US, China and Brazil. The most common attack was TCP SYN flooding.

 


1 Comment

Christopher Jost


It's worth noting that Arbor is tracking a lot of attack traffic originating from China; however, the command and control nodes (and hence the ultimate source of the attacks) are in the US and the EU.
