DDoS attacks: Now shorter but more powerful

News by Steve Gold

DDoS attacks are still a major headache for major corporates.

Distributed-denial-of-service (DDoS) attacks are getting shorter, but more powerful than previously, claims a report just released by the threat response and research team with NSFocus.

The DDoS research and remediation firm says that results of the report are based on data from actual incidents of attacks that occurred during the first half of 2014.

Thanks to their short duration, the company says it has observed attacks taking place several times within a short space of time - but with much higher volumes than seen previously.

Delving into the report reveals that attacks continue to be short in duration, but with repeated frequency - more than 90 percent of attacks detected lasted less than 30 minutes.

This ongoing trend, says the report, indicates that latency-sensitive Web sites, such as online gaming, e-commerce and hosting services should be prepared to implement security systems that support rapid response.

DDoS traffic volume, meanwhile, was up overall with a third peaking at over 500 Mbps and more than five percent reaching up to 4 Gbps.

On top of this, the findings show that over 50 percent of DDoS attacks were above 0.2 Mpps in the first half of 2014 - increasing from around 16 percent seen during the same period last year.

In addition, says NSFocus, more than 2.0 percent of DDoS attacks were launched at a rate of over 3.2 Mpps, whilst attacks targeting ISPs increased by 87.2 percent, enterprises by 100.5 percent and online gaming by 60 percent.

The highest frequency of attacks experienced by a single victim, says the report, was 68 separate DDoS attacks.

Terence Chong, NSFocus' solutions architect, said that the company has been maintaining a continuous review of DDoS attacks over recent years, and has observed that the trends constantly change as attacks morph and hacker behaviour evolves.

"To stay ahead of these trends, we strongly encourage our customers to take a defensive approach in identifying and mitigating these threats before they happen," he explained.

According to the report, the ongoing trends in the duration and the size of the attack traffic can most likely be attributed to a variety of elements including technological developments, network environment evolution and changes in the pattern of DDoS for profit.

"Firstly, technological developments provide more tools for DDoS hackers to exploit, although this is not the most critical factor. Second, the evolution of the network environment makes the battlefield on which DDoS attack and defence occur more complicated," concludes the analysis.

"Diversification of the available tactics, tools and general acceptance of some efficient principles coexist. Finally, the most important factor is the change in the self-interest pattern. Since most attackers are still profit-driven, changes in their self-interest share have produced the greatest impacts on today's attack behaviours," it adds.

DDoS - the fourth most common attack vector

Keith Bird, UK managing director with Check Point, said that his firm's 2014 security report found that DDoS is the fourth most common way for cybercriminals to attack an organisation, accounting for 23 percent of all attack incidents last year.

"This is consistent with today's report that has found that DDoS remains high volume. However, at face value, this research would suggest that the IT security sector and network defences are coping with DDoS attacks far more efficiently than before, reducing the longevity of attacks," he said.

"Whilst this is encouraging, it is important that organisations continue to implement strong, multi-layered defences, including threat emulation and intelligence sharing, to ensure that this trend is not reversed," he explained.

Over at Arbor Networks, another DDoS research and remediation firm, a spokesperson said that the firm's Atlas Q2-2014 DDoS attack update showed that the majority of DDoS attacks are short-lived, with 90.6 percent lasting less than an hour.

On top of this, Arbor's research also found that the average duration of attacks over 10G in size is 1 hour 38 minutes - up significantly from the 54-minute average seen in the first quarter.
