The average distributed denial-of-service (DDoS) attack size continues to grow, while the length of the majority of attacks shrank to less than an hour, a new report said.
The average DDoS attack size was 2.64 Gbps for the year, an increase of 78 percent from 2012, according to a new report from Arbor Networks for the third quarter. The number of attacks monitored that are more than 20 Gbps jumped to a 350 percent increase so far this year.
Meanwhile, 87 percent of attack lengths went down to less than an hour.
Shorter duration attacks can be harder to mitigate, according to Gary Sockrider, solutions architect for the Americas, Arbor Networks.
One reason for an increase in attack sizes is because more simple to use tools are available for anyone to carry out attacks with little skill or knowledge. In addition, there is a cottage industry growing for DDoS for hire services that are quite inexpensive, Sockrider said.
The largest monitored and verified attack size during the quarter was 191 Gbps, according to Arbor Networks. Fifty-four percent of attacks this year are more than 1 Gbps, up from 33 percent in 2012. So far this year, 37 percent of attacks are between 2 Gbps and 10 Gbps.
Another general trend attacks are moving to the application layer. While volume-based attacks remain the top assault, they now frequently combine with application-layer and state exhaustion attacks, Arbor Networks said.
Click here for more information on the report.