5 Reasons DDoS Attacks Are Gaining Strength
2:00 PM EST Wed. Apr. 17, 2013
The size and duration of distributed denial of service attacks are on the rise, according to the latest report issued by Hollywood, Fla.-based Prolexic Technologies, a maker of anti-DDoS appliances. The firm said DDoS campaigns against many U.S.-based banks and financial services organizations contributed to the increase in attacks. Prolexic found the average attack bandwidth increasing from 5.9 Gbps to 48.25 Gbps in the first quarter of 2013. The average attack duration also shot up more than 7 percent to 34.5 hours, the firm said.
Prolexic identified an increase in the targeting of Internet Service Providers and carrier router infrastructure. The firm said the packet-per-second rate averaged 32.4 Mbps, which can cause significant issues for other mitigation providers and carriers. "Even routers that carry traffic to the mitigation gear have trouble with packet rates at this level," Prolexic said in its report. "As a result we are entering a situation where simply moving such a large amount of attack traffic to a scrubbing center can be problematic."
DNS Reflection attacks, which use the technique seen in the high-profile DDoS campaign against the nonprofit antispam organization Spamhaus, are increasing in popularity, according to Prolexic. The firm said it mitigated such an attack against its name server in January. Although the attack was short, it was high in volume, reaching more than 20 Gbps. The DNS attacks that Prolexic observed in the first quarter of 2013 increased nearly 7 percent over the previous quarter. The DNS Reflection attack technique has been used for about a decade and takes advantage of poorly configured DNS servers, helping boost the strength of DDoS attacks with fast and inexpensive bandwidth.
Attackers favored Layer 3 and Layer 4 attacks against bandwidth capacity and routing infrastructure over application layer attacks, Prolexic said. The firm said infrastructure attacks increased 3.6 percent in the first quarter of 2013 compared to the previous quarter. The infrastructure attacks accounted for 76.5 percent of total attacks during the quarter. The firm said March was a particularly troublesome month, accounting for 44 percent of the quarter's attacks.
Application layer DDoS attacks declined 3.8 percent in the first quarter of 2013 compared to the fourth quarter of 2012. The Layer 7 attacks came in the form of HTTP GET floods, which sometimes appear as legitimate traffic and eventually overwhelm the application running the web server. Widely available commercial and public DDoS kits make GET floods the standard method of attack, Prolexic said. "SSL GET floods add additional strain to the victim web servers as processing power is utilized to decrypt incoming traffic," Prolexic said.
Attacks exceeded 100 Gbps multiple times in the first quarter of 2013, Prolexic said, adding that the campaigns it is seeing appear to be coordinated and from skilled attackers. The firm said it mitigated an attack that exceeded 160 Gbps. More than 10 percent of attacks now exceed the 60-Gbps threshold, the company said. Vulnerabilities in unpatched web servers are fueling many of the biggest attacks, according to Prolexic's analysis. "Attacks that have generated the highest bandwidth and packets-per-second volume against our infrastructure have been targeted attacks from infected web servers with user-level permissions," Prolexic said.