During Q1 2017, a reduction in average DDoS attack duration was witnessed, thanks to the prevalence of botnet-for-hire services that commonly used short, low-volume bursts.
Imperva Incapsula's latest Global DDoS Threat Landscape Report analysed more than 17,000 network and application layer DDoS attacks that were mitigated during Q1 2017.
Igal Zeifman, Incapsula security evangelist at Imperva told SC Media UK: “These attacks are a sign of the times; launching a DDoS assault has become as simple as downloading an attack script or paying a few dollars for a DDoS-for-hire service. Using these, non-professionals can take a website offline over a personal grievance or just as an act of cyber-vandalism in what is essentially a form of internet trolling.”
The research found that more and more assaults occurred in bursts, as 80 percent of attacks lasted less than an hour. Three-quarters of targets suffered repeat assaults, in which 19 percent were attacked 10 times or more.
For the first time, 90 percent of all network layer attacks lasted less than 30 minutes, while only 0.1 percent of attacks continued for more than 24 hours. The longest attack of the quarter continued for less than nine days.
Researchers observed a higher level of sophistication on the part of DDoS offenders, reflected by the steep rise in multi-vector attacks. These accounted for more than 40 percent of all network layer assaults in Q1 2017.
In terms of worldwide botnet activity, 68.8 percent of all DDoS attack requests originated in just three countries; China (50.8 percent), South Korea (10.8 percent) and the US (7.2 percent).
Others on the attacking country list included Egypt (3.2 percent), Hong Kong (3.2 percent), Vietnam (2.6 percent), Taiwan (2.4 percent), Thailand (1.6 percent), UK (1.5 percent) and Turkey (1.4 percent).
The US, UK and Japan continued to top the list of most targeted countries. Over the past year Singapore and Israel joined that list for the first time.