- Aug 6, 2015
- 306
Distributed denial of service (DDoS) attacks have increased by a whopping 220% in the last year "with no signs of abating", fuelled by DDoS-for-hire services and the use of "hit-and-run" tactics, new data shows. According to cybersecurity firm Imperva's annual "DDoS Threat Landscape Report", DDoS attacks rose by 221% between April 2015 and March 2016, with the UK becoming the second most popular target in the world.
DDoS attacks occur when a threat actor persistently overloads a company's network with fake traffic in order to bring it down, rendering it useless to clients. DDoS attacks are now one of the most common cyber threats facing online organisations, the firm found.
Between 1 April, 2015 and 31 March, 2016, the firm mitigated an average of 445 attacks targeting its customers per week. While over 40% of its customers affected were targeted more than once, 16% were targeted more than five times. Both network and application layer attacks doubled during this period, the firm found.
Although application layer attacks claimed most of the assaults, accounting for 60% of all DDoS attacks, the report noted that the number of attacks targeting the application layer has been trending downwards, dropping by more than 5% year over year.
Imperva also noted that network layer attacks have hit a new high with the largest assault peaking at 470 Gbps.
The firm attributes this steep uptick in DDoS attacks to the growing popularity of DDoS-for-hire services, where a malicious attacker can potentially pay as little as $5 to launch a minute-long DDoS attack against a chosen target. The attacks account for 93% of DDoS attacks, up from 63.8% in Q2 2015.
The use of hit-and-run tactics, where "a single assault is executed through multiple consecutive attack bursts" has also contributed to the rise in DDoS attacks. The firm found that repeated attack events have risen from 29.4% in Q3 2015 to almost 50% in the first quarter of 2016, highlighting the "tenacity of DDoS offenders, many of whom persist in trying to take a target down even after multiple failed attempts".
"The fact that DDoS-for-hire now accounts for over 90% of all assaults paints a new profile of top bad actors," the report reads. "These are non-professionals who use DDoS for racketeering or to instigate attacks out of boredom or spite.
"The existence of such unpredictable offenders poses a new threat to many online entities that traditionally didn't consider themselves a potential target."
In a single DDoS attack, the use of multiple payloads and vectors indicate the complexity and sophistication of an attack.
Although researchers recorded a decrease in attack complexity and multi-vector attacks in Q2 2015, which indicates an increase in "casual offenders", the first quarter of 2016 saw an increase in the volume of assaults using five or more payloads.
"This countertrend reminds us that - in parallel with the increased 'hobbyist' activity - more capable cybercriminals continue to improve their methods," the report reads. "As per the first rule of the DDoS mitigation industry, attacks continue to get larger and more sophisticated on the high-end of the scale."
The report also found while China has remained the top point of origin for botnet activity in three out of four quarters, South Korea has rapidly grown as a hub for botnet traffic, with almost one-third of all application layer DDoS traffic originating from the Asian nation. Imperva notes that although this trend is new, it is not a surprising one given the country's powerful and sophisticated Internet infrastructure.
On the other hand, the UK has become the world's second most attacked country, after the US, accounting for 9.2% and 50.3% in the first quarter of 2016 respectively. The firm also observed an increase in DDoS attacks on UK-based businesses during the final six months of the study. The attacks spiked during the holiday season when "increased cyber extortion attempts caused a boom in criminal activity".
Although most DDoS attacks targeted small and medium-sized businesses, several bigger organisations were also attacked including the BBC, HSBC UK and the Irish National Lottery.
DDoS attacks occur when a threat actor persistently overloads a company's network with fake traffic in order to bring it down, rendering it useless to clients. DDoS attacks are now one of the most common cyber threats facing online organisations, the firm found.
Between 1 April, 2015 and 31 March, 2016, the firm mitigated an average of 445 attacks targeting its customers per week. While over 40% of its customers affected were targeted more than once, 16% were targeted more than five times. Both network and application layer attacks doubled during this period, the firm found.
Although application layer attacks claimed most of the assaults, accounting for 60% of all DDoS attacks, the report noted that the number of attacks targeting the application layer has been trending downwards, dropping by more than 5% year over year.
Imperva also noted that network layer attacks have hit a new high with the largest assault peaking at 470 Gbps.
The firm attributes this steep uptick in DDoS attacks to the growing popularity of DDoS-for-hire services, where a malicious attacker can potentially pay as little as $5 to launch a minute-long DDoS attack against a chosen target. The attacks account for 93% of DDoS attacks, up from 63.8% in Q2 2015.
The use of hit-and-run tactics, where "a single assault is executed through multiple consecutive attack bursts" has also contributed to the rise in DDoS attacks. The firm found that repeated attack events have risen from 29.4% in Q3 2015 to almost 50% in the first quarter of 2016, highlighting the "tenacity of DDoS offenders, many of whom persist in trying to take a target down even after multiple failed attempts".
"The fact that DDoS-for-hire now accounts for over 90% of all assaults paints a new profile of top bad actors," the report reads. "These are non-professionals who use DDoS for racketeering or to instigate attacks out of boredom or spite.
"The existence of such unpredictable offenders poses a new threat to many online entities that traditionally didn't consider themselves a potential target."
In a single DDoS attack, the use of multiple payloads and vectors indicate the complexity and sophistication of an attack.
Although researchers recorded a decrease in attack complexity and multi-vector attacks in Q2 2015, which indicates an increase in "casual offenders", the first quarter of 2016 saw an increase in the volume of assaults using five or more payloads.
"This countertrend reminds us that - in parallel with the increased 'hobbyist' activity - more capable cybercriminals continue to improve their methods," the report reads. "As per the first rule of the DDoS mitigation industry, attacks continue to get larger and more sophisticated on the high-end of the scale."
The report also found while China has remained the top point of origin for botnet activity in three out of four quarters, South Korea has rapidly grown as a hub for botnet traffic, with almost one-third of all application layer DDoS traffic originating from the Asian nation. Imperva notes that although this trend is new, it is not a surprising one given the country's powerful and sophisticated Internet infrastructure.
On the other hand, the UK has become the world's second most attacked country, after the US, accounting for 9.2% and 50.3% in the first quarter of 2016 respectively. The firm also observed an increase in DDoS attacks on UK-based businesses during the final six months of the study. The attacks spiked during the holiday season when "increased cyber extortion attempts caused a boom in criminal activity".
Although most DDoS attacks targeted small and medium-sized businesses, several bigger organisations were also attacked including the BBC, HSBC UK and the Irish National Lottery.