DDoS tools fuel growth in large attacks, says Prolexic

Bigger and definitely much nastier

The number of DDoS attacks reached its highest-ever level for a single quarter in the last three months of 2012, recording 19 percent year-on-year growth, mitigation vendor Prolexic has reported.

The key to understanding DDoS trends is deciding what actually matters. Is it the total number of attacks, their average size, the number of rarer massive attacks, or the type of attack employed?

Judging from Prolexic's customer base, the news is mostly bad. With the exception of a slight drop in attack duration to 32 hours compared to Q4 2011, all the other DDoS numbers show a modest but unmistakable shift towards red.

Year-on-year average attack bandwidth rose from 4.9Gbps to 5.9Gbps, with attack volumes jumping a notch in 2012 compared to a year earlier.

Three quarters of attacks are still at layers 3 and 4, which means they are packet-based attacks targeting network infrastructure; the remaining 25 percent are more complex layer 7 attacks that try to overload applications.

The company detected seven attacks greater than 50Gbps, it said, with one or two above even that huge level.

The deeper question worth asking is whether the numbers really help explain changes in the motivation of those doing the attacking or on whose behalf attacks are being carried out.

Prolexic underlines the rise of one botnet attack tool in particular, itsoknoproblembro, as being noteworthy for its connection to a number of highly targeted attacks on the US financial sector during the second half of 2012.

Prolexic doesn't say it, but these have been serious enough to catch the attention of the US authorities, which now suspect a state-sponsored attack on US banks by Iran.

The challenge of itsoknoproblembro is its sophistication, allowing "automated reconnaissance, exploitation, infection and attack management," to borrow Prolexic's own description.

More than half of attacks originate in China (which doesn't mean they're necessarily under Chinese control), followed by Germany, India, Egypt and Pakistan with between roughly five and ten percent each.

"The fourth quarter was defined by the increasing scale and diversity of DDoS attacks. While bandwidth attacks of 20 Gbps were the story last quarter, 50 Gbps is more relevant now," said Prolexic CEO, Scott Hammack.

"The take away for businesses from this Q4 report is to make sure that their DDoS mitigation provider can handle attacks in excess of 50 Gbps in a single location," he added.

"When attacks are this large, it's important that the provider can mitigate this volume of attack traffic in one place and distribute it effectively so it does not compromise intermediary transit providers and affect others."
