The Q4 2015 DDoS Threat Landscape report from Imperva makes for frightening reading. The sheer scale of the attacks means that even the largest and best-protected organisations will struggle to defend themselves; the recent New Year's Eve attack on the BBC by a small group of hackers proves this in spades.
The largest Network Layer attack Imperva saw in Q4 2015 was a 40-minute SYN flood that peaked at a colossal 325 Gbps / 115 Mpps, one of the largest ever documented. The longest Application Layer attack Imperva recorded lasted over 101 days (longer than the whole quarter) and targeted a US-hosted website registered to a small catering business.
Short-sharp shock tactics for DDoS
According to Imperva, the trend over the last quarter was for short burst attacks, with multiple attacks being launched in the span of a few hours. In the quarter, the majority (82.9%) of Network Layer attacks lasted under 30 minutes, and 58% of Application Layer attacks lasted less than an hour.
Imperva also noticed that in Q4 DDoS assaults were starting to use smaller network packets (e.g., TCP floods) that attack an operator's packet-processing capacity (Mpps) rather than taking the traditional route of exhausting network bandwidth (Gbps).
Hackers appear to have adopted this short-sharp-shock tactic, rather than large, prolonged attacks, to do maximum damage to a site: countering such attacks requires early detection and rapid activation of mitigation, plus scalability in both processing capacity and bandwidth, which is harder for most organisations to arrange than a conventional DDoS defence.
By using high-rate attacks, hackers can overload network routers, switches and mitigation solutions that are not equipped to handle similarly high Mpps loads. For instance, current-generation mitigation appliances that handle 4-5 Gbps may have a processing capacity of less than one Mpps at 64-byte packets.
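The Mpps-versus-Gbps point above is easy to check with a few lines of arithmetic, and it also changes what a detection threshold should measure. The following Python is an added example (not from the Imperva report or the article): the helper names (`pps_from_bps`, `bps_from_pps`, `avg_frame_bytes`, `find_bursts`) and the per-second traffic samples are constructed here; the only figures taken from the article are the 325 Gbps / 115 Mpps peak and the "under 1 Mpps at 64 bytes" appliance capacity. It converts between bit rate and packet rate using Ethernet's layer-1 framing overhead, derives the average frame size behind a reported (Gbps, Mpps) pair, and then runs a simple burst detector over the constructed counters once keyed on bits per second and once on packets per second.

```python
"""Why small-packet floods stress packet-processing (Mpps) capacity before
they exhaust bandwidth (Gbps).

Added example, not taken from the Imperva report or the article. The only
figures borrowed from the article are the 325 Gbps / 115 Mpps peak and the
"less than 1 Mpps at 64 bytes" appliance capacity; the traffic samples and
all function names are constructed for illustration.
"""
from dataclasses import dataclass
from typing import List, Sequence, Tuple

# Layer-1 overhead per Ethernet frame: 7-byte preamble + 1-byte start-frame
# delimiter + 12-byte inter-frame gap. The 4-byte FCS is already inside the
# 64-byte minimum frame, so it is not added again.
L1_OVERHEAD_BYTES = 20
MIN_FRAME_BYTES = 64


def pps_from_bps(bits_per_second: float, frame_bytes: int) -> float:
    """Packets per second carried by a given wire rate at a fixed frame size."""
    if frame_bytes < MIN_FRAME_BYTES:
        raise ValueError("Ethernet pads frames to at least 64 bytes")
    return bits_per_second / ((frame_bytes + L1_OVERHEAD_BYTES) * 8)


def bps_from_pps(packets_per_second: float, frame_bytes: int) -> float:
    """Wire rate consumed by a packet rate at a fixed frame size (inverse of above)."""
    return packets_per_second * (frame_bytes + L1_OVERHEAD_BYTES) * 8


def avg_frame_bytes(bits_per_second: float, packets_per_second: float) -> float:
    """Average frame size implied by a reported (bits/s, packets/s) pair."""
    return bits_per_second / packets_per_second / 8


@dataclass
class Burst:
    start_s: int   # first second over threshold
    end_s: int     # last second over threshold (inclusive)
    peak: float    # highest sample value seen during the burst


# Sample tuple layout: (second, bits/s, packets/s)
Sample = Tuple[int, float, float]
BPS, PPS = 1, 2


def constructed_samples() -> List[Sample]:
    """Constructed 20 s of per-second counters: 1 Gbps of 1500-byte web traffic,
    a 6 s burst of 64-byte SYNs at 3 Gbps, then back to normal."""
    quiet = [(t, 1e9, pps_from_bps(1e9, 1500)) for t in range(0, 10)]
    flood = [(t, 3e9, pps_from_bps(3e9, 64)) for t in range(10, 16)]
    after = [(t, 1e9, pps_from_bps(1e9, 1500)) for t in range(16, 20)]
    return quiet + flood + after


def find_bursts(samples: Sequence[Sample], metric: int, threshold: float,
                min_len_s: int = 3) -> List[Burst]:
    """Flag contiguous runs (>= min_len_s seconds) where the chosen metric
    exceeds a capacity threshold. Samples are assumed to be consecutive seconds."""
    bursts: List[Burst] = []
    run_start = None
    last_t = None
    peak = 0.0
    for sample in samples:
        t, value = sample[0], sample[metric]
        if value > threshold:
            if run_start is None:
                run_start, peak = t, value
            peak = max(peak, value)
            last_t = t
        elif run_start is not None:
            if last_t - run_start + 1 >= min_len_s:
                bursts.append(Burst(run_start, last_t, peak))
            run_start = None
    if run_start is not None and last_t - run_start + 1 >= min_len_s:
        bursts.append(Burst(run_start, last_t, peak))
    return bursts


if __name__ == "__main__":
    # The article's record attack averages roughly 353-byte frames on the wire...
    print(f"325 Gbps / 115 Mpps -> {avg_frame_bytes(325e9, 115e6):.0f} B/frame")
    # ...while a box that processes 1 Mpps saturates at ~0.67 Gbps of 64-byte frames.
    print(f"1 Mpps of 64 B frames = {bps_from_pps(1e6, 64) / 1e9:.2f} Gbps")
    samples = constructed_samples()
    print("bps alarms (5 Gbps):", find_bursts(samples, BPS, 5e9))
    print("pps alarms (1 Mpps):", find_bursts(samples, PPS, 1e6))
```

With the appliance modelled as rated for 5 Gbps but limited to the article's 1 Mpps, a bits-per-second threshold never fires during the constructed flood (3 Gbps stays under the rating), while the packets-per-second threshold flags seconds 10 to 15 at about 4.5 Mpps; the same 1 Mpps box is saturated by only ~0.67 Gbps of minimum-size frames. The lesson for detection tuning is that both counters need alarms, not just the bandwidth one.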
The UK under attack
| Targeted Countries | Share of attacks | Attacking Countries | Share of attacks |
|---|---|---|---|
| United Kingdom | 23.2% | South Korea | 12.6% |
As in previous quarters, US-based websites drew the bulk of DDoS attacks, being the target of 47.6%. Unfortunately, the report also finds an increase in attacks targeting UK-based websites: their share rose from 2.5% in Q3 to 23.2% in Q4, putting the UK in second place. By comparison, the next largest growth was for Japanese websites, which rose from 1.2% to 8.6%, putting Japan in third place. The majority of attacks originated from China, South Korea, the US and Vietnam.