Distributed Denial of Service (DDoS) attacks continue to evolve, to the point where they now look very different from those of even a few years ago.
“It was a dynamic 12 months for DDoS attacks,” said Stuart Scholly, president of security firm Prolexic Technologies, which just published its top 10 attack trends for 2013. “The tools used by malicious actors in 2013 and the tactics they adopted changed considerably, reflecting the on-going evolution of the DDoS threat.”
Throughout the year, Prolexic collected metrics from all DDoS attacks launched against the company’s global client base. The Prolexic Security Engineering & Response Team (PLXsert) used proprietary techniques and equipment to gather the information. Through digital forensics and post-attack analysis, PLXsert is able to build a global view of the evolving DDoS threat.
Top 10 DDoS trends last year:
1. DDoS attack volume continued to rise, with Prolexic mitigating 32.43 percent more attacks in 2013 than it did in 2012
2. DDoS attack volume also increased month-to-month in 2013, with 10 out of 12 months showing higher attack volume compared to 2012
3. Smaller, stealthy and more sophisticated application layer (Layer 7) attacks increased approximately 42 percent
4. High bandwidth, volumetric infrastructure layer (Layer 3 & 4) attacks increased approximately 30 percent
5. DNS, UDP, and UDP fragmentation floods, as well as CHARGEN, were the attack vectors that showed the most adoption in 2013
6. SYN and ICMP floods were the attack vectors that showed the most decline in use
7. Average DDoS attack sizes continued to increase, with Prolexic mitigating numerous attacks over 100 Gbps, the largest peaking at 179 Gbps
8. Reflected amplification attacks emerged as a very popular attack method
9. Mobile devices and apps began participating in DDoS campaigns
10. DDoS attacks were more likely to originate from Asian countries
“It is critical in 2014 that enterprise defenses continue to keep pace with the changing DDoS threat,” Scholly said. “In addition to increasing vigilance and knowledge, enterprises should also validate services from any mitigation providers they have retained to ensure the latest threats can be blocked quickly and effectively.”