Financial Services Firms Hit by DDoS Attacks
According to Prolexic's Q1 2012 Report / Malicious packet volume increases 3,000% quarter over quarter
The Prolexic Security Engineering & Response Team (PLXsert) logged an almost threefold increase in the number of attacks against its financial services clients during Q1 compared to Q4 2011, as well as a 3,000% increase in malicious packet traffic. The company also mitigated more attack traffic this quarter than it did in all of 2011.
"This quarter was characterized by extremely high volumes of malicious traffic directed at our financial services clients," said Neal Quinn, Prolexic's vice president of Operations. "We expect other verticals beyond financial services, gaming and gambling to be on the receiving end of these massive attack volumes as the year progresses."
During Q4 2011, over 168 trillion bits of data and 14 billion packets of malicious traffic were identified as targeting financial services clients. This quarter, 5.7 quadrillion bits of data and 1.1 trillion malicious packets were identified and successfully mitigated, representing a 3,000% increase in malicious packet traffic over Q4 2011.
Other report highlights
Compared to Q1 2011
- 25% increase in total number of DDoS attacks
- 25% increase in Layer 7 (application layer) attacks
- Shorter attack duration: 28.5 hours vs. 65 hours
- Decline in UDP Floods and increase in GET Floods
Compared to Q4 2011
- Total number of attacks was virtually unchanged
- 6% rise in Layer 7 attacks
- Average attack duration declined to 28.5 hours from 34 hours
- China remains the top source country for attacks but the U.S. and Russia both move up in the rankings
Key trends to watch
In Q1 2012, average attack durations continued to edge down, dropping from 34 hours in Q4 to 28.5 hours this quarter. Of note, average attack bandwidth increased to 6.1 Gbps, up from 5.2 Gbps in the previous quarter. Taken together, these two metrics confirm previous trend predictions of shorter attack durations, but with higher traffic volumes. This conclusion can be drawn when comparing data from Q1 2012 and Q4 2011 as well as Q1 2012 and Q1 2011.
Infrastructure layer attacks targeting Layer 3 and Layer 4 continue to be the choice of attackers; however, this quarter showed a 6% increase in DDoS attacks targeting the application layer (Layer 7). PLXsert believes that there will be a gradual shift to Layer 7 attacks over the long term. Regarding attack types over the last 12 months, UDP Floods have declined in popularity with SYN Floods emerging as the "go to" attack type.
"The expertise of Prolexic's Security Operations Center staff and the unrivaled capacity of our cloud-based mitigation platform minimized the impact of these large attacks against their targets," said Quinn.
Data for the Q1 2012 report has been gathered and analyzed by the Prolexic Security Engineering & Response Team (PLXsert). The group monitors malicious cyber threats globally and analyzes DDoS attacks using proprietary techniques and equipment. Through data forensics and post attack analysis, PLXsert is able to build a global view of DDoS attacks, which is shared with Prolexic customers. By identifying the sources and associated attributes of individual attacks, the PLXsert team helps organizations adopt best practices and make more informed, proactive decisions about DDoS threats.
A complimentary copy of the Prolexic Quarterly Attack Report for Q1 2012 is available as a free PDF download from www.prolexic.com/attackreports. Prolexic's Q2 2012 report will be released in the third quarter of 2012.
Prolexic is the world's largest, most trusted Distributed Denial of Service (DDoS) mitigation provider. Able to absorb the largest and most complex attacks ever launched, Prolexic restores mission-critical Internet-facing infrastructures for global enterprises and government agencies within minutes. Ten of the world's largest banks and the leading companies in e-Commerce, SaaS, payment processing, travel/hospitality, gaming and other at-risk industries rely on Prolexic to protect their businesses. Founded in 2003 as the world's first "in the cloud" DDoS mitigation platform, Prolexic is headquartered in Hollywood, Florida and has scrubbing centers located in the Americas, Europe and Asia. For more information, visit www.prolexic.com.