Denial-of-service attacks are on the rise, anti-DDoS vendors report

Japan named as primary source of DDoS attack traffic for Q4 2011

Both the number and volume of distributed denial-of-service attacks are increasing, according to new reports from DDoS mitigation companies Prolexic and Arbor Networks.

During the fourth quarter of last year, Prolexic detected 45 percent more DDoS attacks compared to the similar period of 2010 and more than twice the number of attacks observed during the third quarter of 2011.

There's a trend toward a shorter attack duration, but a bigger packet-per-second attack volume, said Paul Sop, Prolexic's chief technology officer.

The average attack bandwidth registered in the fourth quarter of 2011 was 5.2G bps (bits per second), 148 percent higher than what it was during the third quarter. The year over year increase for attack bandwidth in 2011 was 136 percent.

This trend is also reflected in a new report from Arbor Networks which surveyed 114 representatives of different market segments about their experience with DDoS attacks in 2011. Over 40 percent of respondents said they experienced attacks that exceeded 1G bps in bandwidth last year, while 13 percent said they were the target of at least one attack that exceeded 10G bps.

Based on the Prolexic's statistics for the last quarter of 2011, Paul Sop believes that 2012 will be one of the most challenging years for online businesses, because they are one of the primary targets of DDoS attacks.

Both Prolexic and Arbor Networks recorded an increase in the number of so-called layer-7 DDoS attacks, which target particular Internet facing applications rather than load balancers or Internet gateways.

DDoS attacks on applications focus on sending bad traffic using those applications' protocols, said Darren Anstee, solutions architect for Europe, the Middle East and Africa at Arbor Networks. The attacks are very effective using relatively low bandwidth and just a few hosts, he said.

The number one motivation for DDoS attacks in 2011 was rooted around political and ideological conflicts, said Roland Dobbins, an Arbor solutions architect for Asia and co-author of the company's report.

Japan was the primary source of DDoS attack traffic for the last quarter of 2011, according to Prolexic. This comes as a surprise because the country rarely even makes it into the top 10 and doesn't have a large concentration of botnets.

Prolexic believes that the surge of DDoS attacks originating in Japan might be the result of local companies setting up impromptu communication networks with lax security in the aftermath of last year's natural disasters. Poor network security could have led to a larger number of botnet-compromised computers in the country.

(Jeremy Kirk in London contributed to this report.)

Join the CSO newsletter!

Error: Please check your email address.

More about Arbor NetworksRoland

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Lucian Constantin

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place