DDOS attack size up 50-fold over past decade
- 29 January, 2015 08:19
The size of the largest DDOS attack was fifty times larger last year than ten years ago, according to a new survey of Internet service and hosting providers, and attacks are also increasing in numbers and in sophistication.
The largest reported attack last year was 400 gigabits per second, compared to just 8 Gbps in 2004 -- and 100 Gbps in 2010.
"The growth is not straight line," said Gary Sockrider, solutions architect at Burlington, Mass.-based Arbor Networks, Inc. and the author of the report. "It's more of a hockey stick."
By comparison, the total bandwidth of the entire Internet grew 42-fold over the same period, according to data from Cisco, from an average of 570 Gbps in 2004 to 24,000 Gbps in 2014.
The growth of the Internet as a whole actually helps the attackers, Sockrider said, since the botnets can get larger.
"They have to come from somewhere," he said.
But the number of defending organizations is also growing, and the bandwidth available to DDOS targets isn't expanding at the same pace.
"There are not too many places on the planet where 400 gigabits of Internet traffic is aggregated in one location," said Sockrider.
About two-thirds of the data center operators who took part in this year's survey said that they had DDOS attacks -- and 33 percent said that the attacks exhausted their Internet bandwidth.
"But the bigger story is the massive increase in very large attacks," he said. "In 2013, we saw less than 40 attacks that were more than 100 gigabits per second. In 2014, we saw 159 individual attacks over 100 gigabits, and five attacks over 200 gigabits."
The attacks are also growing in sophistication, he said.
Ten years ago, volumetric attacks dominated. Today, there are also state exhaustion attacks and application layer attacks, as well as attacks that combine all three vectors.
"The result is to keep you down longer and make it harder to defend against attacks," said Sockrider.
The purpose of the attacks has also changed.
The top three motivations have stayed the same over the past few years -- politics and ideology, vandalism, and online gaming.
"It speaks to how easy these attacks have become to perpetrate," he said. "We actually see instances where online gamers will DDOS the gaming infrastructure just to gain a competitive advantage in playing and winning an online game."
But the use of DDOS attacks as a diversion to cover up for other types of malicious activity has been growing, as have extortion and marketing.
For example, he said, DDOS attacks are increasingly seen in combination with advanced persistent threat campaigns.
"The campaign may have been going on for a long time, but at the point where they're ready to exfiltrate the data -- the DDOS attack comes," he said. "It's used as a diversion or distraction, so you don't notice that they're extracting the data."
Extortion has moved up on the list, accounting for 20 percent of attack motivations this year, up from 15 percent last year.
Even more attacks -- 28 percent -- are motivated by the criminals using them for marketing, to demonstrate their capabilities to would-be customers.
"Organizations that offer DDOS for hire are giving free trials," Sockrider said. "They'll take someone down for five minutes just to prove that they can."
DDOS attacks are also used to manipulate financial markets, to hurt competing businesses, or in disputes between rival criminal gangs.