DDoS Attacks Getting Stronger, Tougher

Monday, April 25, 2016 @ 02:04 PM gHale


Distributed denial of service (DDoS) attacks in the first quarter were more advanced and sophisticated, a new report said.

Like any successful business, DDoS attacks continued their growth in size and sophistication, said researchers in Imperva’s Global DDoS Threat Landscape Q1 2016.

Attackers are experimenting with elaborate tools and attack methods to carry out network assaults, researchers said.

There have been changes in application and network layer attacks and there has been a shift in the activity of DDoS botnets, the researchers said.

When it comes to application-layer attacks, the use of browser-like DDoS bots capable of bypassing standard security challenges increased by 36.6 percent, compared with an increase of only 6.1 percent in the previous quarter.

Researchers also said the frequency of attacks continued to increase in the first quarter of 2016, as 50 percent of the attacked sites ended up targeted more than once. Moreover, they found 31.8 percent of websites were targets between two and five times, up from 26.7 percent before.

Out of 5,267 application layer attacks during the timeframe, 87.8 percent lasted for more than 30 minutes. The longest has lasted 36 days so far and is still ongoing.

The largest attack Imperva saw peaked at 100,100 requests per second. Additionally, they found 18.9 percent of DDoS bots could bypass cookie challenges, and 17.7 percent of them could bypass cookie and JS challenges.

In the network layer DDoS attacks segment, Imperva saw a 33.9 percent increase in multi-vector attacks, as perpetrators tend to combine high Gbps and high Mpps attack vectors. The largest attack witnessed peaked at 200+ gigabits per second, with the highest attack rate reaching 120+ million packets per second.

Imperva mitigated 3,791 network layer attacks in the first three months of the year, and the longest lasted 48.5 hours. The security company also said it encountered multiple 100+ Gbps assaults. On average, 50+ Mpps attacks occurred every four days and an 80+ Mpps assault was recorded every eight days.

On the botnet side, the most notable occurrence Imperva saw was a steep increase in DDoS traffic out of South Korea, making it the country of origin for 29.5 percent of botnet activity. The majority of these assaults were aimed at websites hosted in Japan and the U.S.

Imperva also documented the emergence of new botnet(s) consisting of Windows OS devices infected with Generic!BT malware.