Prolexic Charts Changing Nature of DDoS Attacks In New Quarterly Attack Report
"Prolexic technicians are on the front lines fighting DDoS attacks every day; therefore, we're able to gather valuable data on the tactics, types, origins, and targets of these attacks," said Paul Sop, chief technology officer at Prolexic. "As a service to our customers and the global business community, Prolexic will publish a report each quarter to provide greater insight into current DDoS trends and threats."
Highlights of the Q3 2011 Prolexic Attack Report include:
- Prolexic mitigated 66% more attack traffic this quarter compared to Q3 2010.
- The volume of packets-per-second (PPS) has almost quadrupled compared to Q3 2010, illustrating a significant increase in the size and diversity of attacks over the past 12 months.
- Of all attacks mitigated by Prolexic, approximately 24% were SYN floods, 22% were ICMP floods, and 19% were UDP floods, indicating a change in attack tactics.
- Network layer (Layer 3) attacks were the most common, making up 83% of total attacks with application layer attacks (Layer 7) accounting for the remaining 17%.
- Average attack duration was 1.4 days and the average speed of traffic mitigated was 1.5 Gbps.
- The highest volume of attacks occurred during the period of August 19-25 and August was the month with the highest number of attacks overall.
- The top three countries from which attacks originated were China, India, and Turkey with China-based IP addresses accounting for 55% of attacks.
- Online gambling was the most heavily targeted industry, with an average traffic speed of 1.3 Gbps and an average attack duration of 1.2 days.
Key trends to watch
According to Sop, the Q3 2011 data is indicative of several key trends that online companies should take seriously, especially as the busy holiday shopping season approaches.
"First and foremost, I think the nature of DDoS attacks is changing," Sop said. "Attackers know most businesses have some level of DDoS protection and they are now starting to directly target DDoS mitigation equipment, most of which do not have the capacity to process the high packet per second attacks that are being used."
The findings in the Q3 2011 Prolexic Attack Report also indicate a steady rise in certain attack types, especially high packet per second (PPS) SYN and ICMP floods. "High PPS SYN floods, in particular, target DDoS mitigation appliances by exhausting their processing capabilities with millions of small packets per second, which are commonly vulnerable to such attacks. For example, popular 10 Gbps appliances often exhibit peak handling rates of less than 5 million packets per second. The prevalence of high packet per second SYN floods indicates a change in strategy where attacks are less sophisticated, but more deadly," said Sop.
According to Sop, online retailers and e-Commerce businesses are at the greatest risk of attack in the final quarter of the year, even if they have DDoS mitigation in place. "The simple truth is that automated mitigation tools and providers who offer only basic mitigation capabilities are likely to struggle against these kinds of attacks because they do not have an infrastructure in place with sufficient packet per second processing capacity," he said.
This quarter also saw a significant number of attacks against the online gambling industry, which is often the first to be targeted with new variants. "We can expect some of these newer variants to show up in attacks against other businesses in other sectors over the coming months," warned Sop.
Data for the Q3 2011 report has been gathered and analyzed by the Prolexic Security Engineering & Response Team (PLXSERT). The group monitors malicious cyber threats globally and analyzes DDoS attacks using proprietary techniques and equipment. Through data forensics and post attack analysis, PLXSERT is able to build a global view of DDoS attacks, which is shared with Prolexic customers. By identifying the sources and associated attributes of individual attacks, the PLXSERT team helps organizations adopt best practices and make more informed, proactive decisions about DDoS threats.
A complimentary copy of the Prolexic Quarterly Attack Report for Q3 2011 is available as a PDF download from www.prolexic.com/attackreports. Prolexic's fourth quarter report will be released in January 2012.
Prolexic is the world's largest, most trusted Distributed Denial of Service (DDoS) mitigation provider. Able to absorb the largest and most complex attacks ever launched, Prolexic restores mission-critical, Internet-facing infrastructures for global enterprises and government agencies within minutes. Six of the world's ten largest banks and the leading companies in e-Commerce, payment processing, travel/hospitality, gaming and other at-risk industries rely on Prolexic to protect their businesses. Founded in 2003 as the world's first "in the cloud" DDoS mitigation platform, Prolexic is headquartered in Hollywood, Florida and has scrubbing centers located in the Americas, Europe and Asia. For more information, visit www.prolexic.com.