Average DDoS attack consumes 925 per cent more bandwidth than in 2012: Prolexic

Distributed denial of service (DDoS) attacks are rapidly becoming more ferocious than ever, with average DDoS bandwidth reaching 49.24Gbps and 47.4 million packets per second (pps) in the second quarter of this year, new figures suggest.

The latest Quarterly Global DDoS Attack Report, from DDoS-fighting security firm Prolexic, found that DDoS attacks had become more frequent and intense by nearly every measure.

For example, the second quarter saw a 20 per cent increase in the total number of DDoS attacks compared with the previous quarter, with a 28 per cent increase in the number of application (layer 7) attacks and a 10 per cent increase in average attack duration, from 34.5 hours to 38 hours.

Those figures were up substantially over the same quarter in 2012, with a 79 per cent increase in layer 7 attacks, 123 per cent increase in attack duration, and 1655 per cent increase in average pps rate.

“We believe this growth is being fuelled by the increasing prevalence of compromised Joomla and WordPress web servers in increasingly large botnets,” said Prolexic president Stuart Scholly in a statement, noting that the overall volumes and detection rates were up because botnet operators don’t have to try so hard these days.

“Traditionally, botnets have been built from compromised clients,” he explained. “This requires malware distribution via PCs and virus infections, and takes considerable time and effort. Consequently, attackers wanted to protect their client-based botnets and were more fearful of detection, so we saw shorter attack durations.”

Now that it’s so easy to bring up large numbers of infected systems, there’s no need to be careful, Scholly said. “Attack durations are likely increasing because perpetrators are less concerned about detection and protecting their botnets,” he added. “The widespread availability of compromised Web servers makes it much easier for malicious actors to replenish, grow and re-deploy botnets.”

SYN floods accounted for nearly a third of all attacks managed by the Prolexic Security Engineering & Response Team (PLXsert), which monitors DDoS attacks around the world and produces the quarterly reports based on its operational data.

DDoS attacks directed at Layer 3 and Layer 4 infrastructure represented 74.7 per cent of all attacks, with Layer 7 attacks making up the difference. Fully 21.58 per cent of Layer 7 attacks came as HTTP GET floods, thanks in part to the use of commercial DDoS kits like Optima Darkness and Black Energy.

April, with 39.7 per cent of attacks recorded during the quarter, was the busiest of the three months, followed by May (31.6 per cent) and June (28.7 per cent) – a weighting that Prolexic attributes to a rash of attacks against financial services targets, and the use of the itsoknoproblembro toolkit.

China (39.08 per cent of attacks), Mexico (27.32 per cent), Russia (7.58 per cent), Korea (7.29 per cent) and France (6.50 per cent) topped the leader board in terms of DDoS source countries; Prolexic noted the “dramatic” entrance of Mexico as a lead indicator of similar potential increases in other Latin American countries with similar use rates and growing populations.

“Countries that have extensive network infrastructures are typically more susceptible to being selected as targets by malicious groups who seek the unauthorized use and abuse of those network resources,” the report’s authors wrote.

“PLXsert researchers have also observed that malicious actors seek hosting providers that are slow to respond to malware-cleanup requests, as well as those perceived as out-of-reach of international law enforcement authorities.”


Stories by David Braue
