There has been a massive increase in distributed denial-of-service (DDoS) attacks, according to the Imperva Incapsula Global DDoS Landscape Threat Report released yesterday, which reviews the changes in DDoS attack patterns in Q4 2015.
The report was compiled using data from 3 997 network layer and 5 443 application layer DDoS attacks mitigated by Imperva Incapsula services from 1 October through 28 November.
Igal Zeifman, senior digital strategist for Imperva Incapsula, wrote on his blog: “Most notably, the second half of 2015 saw a surge in the use of DDoS-for-hire services. In a nutshell, these services allow anyone with a PayPal account to launch DDoS attacks of medium to high volume lasting between 30 and 60 minutes.”
Zeifman notes that increased availability of these tools, coupled with media attention and lackluster regulation, put the “industry on an accelerated growth path, leading to a surge in the number of DDoS attacks”.
Additional findings include:
* A 25,3% increase in the frequency of network layer attacks against Imperva clients, in addition to the 108,5% increase reported in Q3 2015.
* Predominantly short, high-volume bursts, best exemplified by the largest network layer assault Imperva dealt with in Q4: a 40-minute-long SYN flood that peaked at 325Gbps and 115Mpps. This makes it one of the largest DDoS attacks mitigated by any DDoS protection provider to date.
* Overall, 82,9% of network layer attacks in Q4 2015 lasted under 30 minutes.
* An increase in the number of high-volume assaults that used smaller-sized network packets (for example, TCP floods).
* Botnet activity: a surge in attacks against Japan and the UK. US-based websites drew the bulk of DDoS attacks in Q4 2015, becoming the target of 47,6% of all botnet traffic, followed by the UK and Japan, both of which were targeted by significantly more DDoS attacks than they were in Q3 2015.
* On the attacker’s side, China, South Korea, the US and Vietnam continued to lead the list, with variants of Nitol, PCRat and Dirtjumper being the most commonly used attack malware.
* Notably, 3,7% of attacks were reflection attacks enabled by a known flaw in the Joomla! Googlemaps plugin. The vulnerability enabled the attacker to use the hosting server as a proxy for denial-of-service, XML injection, cross-site scripting and full path disclosure attacks.