Attack Bandwidth up 718%: Report

Wednesday, April 17, 2013 @ 12:04 PM gHale

The average Distributed Denial of Service (DDoS) attack bandwidth totaled 48.25 Gbps in Q1 2013, a 718 percent increase over last quarter, and the average packet-per-second rate reached 32.4 million, a new study reported.

“Average packet-per-second rate and average bit rate spiked in the first quarter and both are growing at a fast clip,” said Stuart Scholly, president at Prolexic Technologies, responding to the results of the company’s Quarterly Global DDoS Attack Report. “When you have average – not peak – rates in excess of 45 Gbps and 30 million packets-per-second, even the largest enterprises, carriers, and quite frankly most mitigation providers, are going to face significant challenges.”

Early last year, a different type of DDoS attacker emerged: One with considerable botnet resources, but also an intimate understanding of how the Internet routing topology works. As a result, there was a clear shift to high packet-per-second DDoS attacks specifically designed to overwhelm infrastructure elements such as routers, the Prolexic report said. Failure of these devices often causes collateral damage, typically taking thousands of customer websites offline.

“It’s a classic change up,” Scholly said. “Nearly everyone has been focused on bandwidth and gigabits per second, but it’s the packet rate that’s causing the most damage and presenting the biggest challenge. These packet rates are above the thresholds of all but the most expensive routers and line cards and we are seeing networks buckle as a result.”

Highlights from the report, compared with the most recent fourth quarter:
• Average attack bandwidth up 718 percent from 5.9 Gbps to 48.25 Gbps
• Average attack duration increases 7.14 percent from 32.2 hours to 34.5 hours
• Total number of infrastructure attacks rises 3.65 percent; total number of application attacks falls 3.85 percent
• 1.75 percent increase in total number of DDoS attacks

During Q1 2013, more than 10 percent of DDoS attacks against Prolexic’s global client base averaged more than 60 Gbps. The largest attack mitigated in the quarter peaked at 130 Gbps, occurring in March against one enterprise user. In response to these huge attacks, more carriers and ISPs are having to null route (black hole) traffic to protect their networks.

Attack volume also grew in Q1 2013 and reached the highest number of attacks Prolexic has logged for one quarter. However, the percentage increase over the previous quarter was nominal. Attack volume has been especially high during the last six months, reflecting a general trend of heightened global DDoS activity and risk of attack.

As in recent quarters, Layer 3 and Layer 4 infrastructure attacks were the favored attack type, accounting for 76.54 percent of total attacks during the quarter, with Layer 7 application layer attacks making up the remaining 23.46 percent. This roughly 3:1 split remains unchanged. This quarter, SYN (25.83 percent), GET (19.33 percent), UDP (16.32 percent) and ICMP (15.53 percent) floods were the attack types most often encountered during mitigation.

Average attack duration continued to rise, from 32.2 hours the previous quarter to 34.5 hours in Q1, an increase of 7.14 percent. March was the most active month for attacks, accounting for 44 percent of the quarter’s attacks. The week of March 19 was the most active of the quarter. The last two weeks of the quarter were the most active and showed the largest percentage increase compared to Q1 2012 (306 and 154 percent respectively).

As is commonplace, the top 10 list of source countries responsible for launching the most DDoS attacks was fluid with the exception of China. Once again, China secured the top place in attack source country rankings, joined by the United States, Germany, and for the first time, Iran.
