DDoS attacks getting bigger, stronger and longer
Number of attacks rose by a third year on year, with perpetrators becoming less concerned about detection, according to Prolexic
Distributed Denial of Service (DDoS) attacks got bigger, stronger and longer in Q2 and there were more of them, according to research by one of the market's key protagonists.
According to Prolexic Technologies' Quarterly Global DDoS Attack Report, the average packet-per-second (pps) rate and average bandwidth of DDoS attacks launched in the three months to June grew by 1,655 per cent and 925 per cent respectively.
As well as being more powerful, they also lasted longer – 38 hours on average compared with 17 hours in Q2 2012 – as attackers became less concerned about being detected.
The data was based on all the attacks mitigated by Prolexic, a Florida-based firm which claims to work with 10 of the world's largest banks and lists Didata, BT and Preventia among its channel partners.
The number of DDoS attacks rose by 33 per cent, with infrastructure-directed attacks (Layer 3 and 4) accounting for 75 per cent of the total and application-layer attacks (Layer 7) making up the remainder, Prolexic said. However, application-layer attacks are growing at a much faster rate – 79 per cent compared with 23 per cent for Layer 3-4.
SYN floods were the attack type of choice, accounting for nearly a third of the total.
"This quarter we logged increases for all major DDoS attack metrics, and some have been significant. DDoS attacks are getting bigger, stronger and longer," said Stuart Scholly, president at Prolexic. "We believe this growth is being fuelled by the increasing prevalence of compromised Joomla and WordPress web servers in increasingly large botnets."
Scholly said attack durations are probably increasing because perpetrators are less concerned about detection and protecting their botnets.
"The widespread availability of compromised web servers makes it much easier for malicious actors to replenish, grow and redeploy botnets," he said.
DDoS mitigation is becoming big business for the channel, with IDC predicting the market will grow by 18.2 per cent annually between 2012 and 2017 to reach $870m (£570m).
The frequency, strength and duration of DDoS attacks also rose on a quarter-on-quarter basis, Prolexic said. Average bandwidth ticked up two per cent on Q1, while average pps volume rose 46 per cent sequentially. Average attack durations rose by 10 per cent quarter on quarter, while the number of attacks was up by 20 per cent.