
CCI
Thursday, 28 January 2016 11:58

DDoS attacks switch their emphasis to short-sharp shocks


Quarter four 2015 marked a real change in the way hackers used DDoS attacks to bring down sites, and saw a massive rise in attacks against UK sites

The Q4 2015 DDoS Threat Landscape report from Imperva makes for frightening reading. The sheer scale of the attacks means that even the largest and most well-protected organisations will have problems protecting themselves – the recent attack on the BBC on New Year’s Eve from a small group of hackers proves this in spades.

The largest Network Layer attack seen by Imperva in the Q4 2015 period was a 40-minute SYN flood that peaked at a colossal 325Gbps/115Mpps, one of the largest ever documented. Additionally, the longest Application Layer attack recorded by Imperva lasted for over 101 days (that’s longer than the whole quarter) and was aimed at a US-hosted website registered to a small catering business.

Short-sharp shock tactics for DDoS

According to Imperva, the trend over the last quarter was for short burst attacks, with multiple attacks being launched in the span of a few hours. In the quarter, the majority (82.9%) of Network Layer attacks lasted under 30 minutes, and 58% of Application Layer attacks lasted less than an hour.

Imperva DDoS Q4 2015 Network layer attack duration

Imperva also noticed that in Q4 DDoS assaults were starting to use smaller-sized network packets (e.g., TCP floods), which attack an operator's processing capacity (Mpps) rather than taking the traditional network bandwidth (Gbps) route.

This short-sharp-shock tactic, in place of large and prolonged attacks, seems to have been adopted by hackers to bring maximum damage to a site. Countering these attacks requires a combination of early detection and rapid activation, as well as scalability and consideration of both processing capacity and bandwidth, which is harder for most organisations to organise than a normal DDoS defence.

For example, by using high-rate attacks, hackers can overload network routers, switches and mitigation solutions that are not equipped to manage similarly high Mpps loads. For instance, current-gen mitigation appliances, which may handle 4-5 Gbps, will only have a processing capacity of less than one Mpps at 64 bytes.
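The gap between a device's bandwidth rating and its packet-rate rating can be checked with a short calculation. The following is an added example, not taken from the Imperva report: the function names are hypothetical, the 5 Gbps / 1 Mpps appliance is an assumed upper bound based on the figures above, and Ethernet framing overhead is ignored.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Capacity:
    gbps: float  # rated throughput
    mpps: float  # rated packet-processing capacity

def mpps_at(gbps: float, pkt_bytes: int) -> float:
    """Packet rate (Mpps) carried by `gbps` of traffic at one packet size."""
    return gbps * 1e9 / (pkt_bytes * 8) / 1e6

def gbps_at(mpps: float, pkt_bytes: int) -> float:
    """Bandwidth (Gbps) consumed by `mpps` of packets at one packet size."""
    return mpps * 1e6 * pkt_bytes * 8 / 1e9

def avg_packet_bytes(gbps: float, mpps: float) -> float:
    """Mean packet size implied by a (Gbps, Mpps) pair."""
    return gbps * 1e9 / 8 / (mpps * 1e6)

def break_even_bytes(cap: Capacity) -> float:
    """Packet size below which the Mpps limit is hit before the Gbps limit."""
    return avg_packet_bytes(cap.gbps, cap.mpps)

def first_exhausted(cap: Capacity, attack_gbps: float, attack_mpps: float) -> str:
    """Which rating a flood exceeds first: 'pps', 'bandwidth' or 'none'."""
    bw_util = attack_gbps / cap.gbps
    pps_util = attack_mpps / cap.mpps
    if max(bw_util, pps_util) < 1.0:
        return "none"
    return "pps" if pps_util > bw_util else "bandwidth"

# Assumed appliance: top of the 4-5 Gbps range, 1 Mpps as the stated ceiling.
APPLIANCE = Capacity(gbps=5.0, mpps=1.0)

if __name__ == "__main__":
    # Bandwidth at which the appliance runs out of packet processing, per size.
    for size in (64, 128, 512, 1500):
        limit = min(gbps_at(APPLIANCE.mpps, size), APPLIANCE.gbps)
        print(f"{size:>5} B packets: saturated at {limit:.3f} Gbps")
    print(f"break-even packet size: {break_even_bytes(APPLIANCE):.0f} B")
    # The 325 Gbps / 115 Mpps peak quoted earlier in the article.
    print(f"mean packet size of the peak attack: {avg_packet_bytes(325, 115):.0f} B")
```

Under these assumptions a flood of 64-byte packets saturates the appliance at roughly a tenth of its rated bandwidth, which is why sizing by Gbps alone is misleading.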

The UK under attack

Targeted Countries   Share     Attacking Countries   Share
United States        47.6%     China                 39.8%
United Kingdom       23.2%     South Korea           12.6%
Japan                8.6%      United States         11.7%
Netherlands          6.8%      Vietnam               5.8%
France               4.6%      Turkey                4.2%
Canada               3.2%      Netherlands           2.9%
Germany              2.5%      Spain                 1.5%
Ireland              1.5%      India                 1.5%
Brazil               0.6%      Brazil                1.4%
Russia               0.3%      Russia                1.3%

Similar to previous quarters, US-based websites drew the bulk of DDoS attacks, becoming the target for 47.6%. Unfortunately, the report also finds that there was an increase in attacks targeting UK-based websites: attacks rose from 2.5% in Q3 to 23.2% in Q4, putting the UK in second place. By comparison, the next largest growth was in attacks on Japanese websites, which grew from 1.2% to 8.6%, putting Japan in third place. The majority of attacks were from China, South Korea, the US and Vietnam.
