Q1 DDoS attack recap: well, the good news is attacks are getting shorter
Welcome to the recap of DDoS attacks in the first quarter of 2017, where good news isn’t really good at all. With the way DDoS attacks have dominated headlines in the last few years, even casual observers of online security matters would assume there’s no way attacks are getting shorter because they’re easing up and becoming less of a threat, and they would be right.
DDoS mitigation specialists Incapsula did their regular dive into the DDoS happenings of Q1 2017, and what they found is bad news for the major online players and smaller websites alike.
photo/ Gerd Altmann via pixabay
The bad news
Incapsula compiled their Q1 Global Threat Landscape Report by analyzing the over 17,000 attacks they mitigated in the quarter. In terms of the big picture, they noted a decrease in network layer attacks with just 269 per week, making Q1 2017 the fourth quarter in a row in which the number of network layer attacks fell. The flip side of that statistic? Application layer attacks reached an all-time high, ringing in at 1,099 per week. The largest application layer attack mitigated in Q1 was 176,000 requests per second (RPS), already higher than 2016’s reigning Incapsula-mitigated champion, which was 173,000 RPS.
They also noted, as mentioned, that attacks on average are getting shorter with 80% of attacks lasting less than one hour. However, this is due to the ever-increasing availability and popularity of DDoS for hire services.
Attacks that didn’t fall into the short and low-volume category were more complex in the last quarter. Of those 269 network layer assaults per week, a full 40% of them were multi-vector, compared to 29% in Q4 2016. In addition to increased complexity, the Q1 distributed denial of service scene was characterized by increased frequency. Seventy-four percent of Incapsula-protected clients were targeted more than once, and 19% of them were targeted more than ten times – both statistics reigning as the highest on record. One science news website alone was targeted 1,046 times.
Two types of attackers
The above statistics point, in general, at two different types of DDoS attackers. Behind those quick burst, low-volume attacks coming from DDoS for hire services are a swatch of nonprofessional attackers. These services allow anyone with an internet connection and a few extra bucks to take aim at whichever websites they’d like and require next to no DDoS know-how.
On the other hand, those complex multi-vector network layer attacks are coming from skilled attackers who have the ability to switch attack types on the fly in order to attempt to circumvent mitigation efforts – a major problem for websites using on-premise or DIY DDoS protection, especially if those measures don’t have much scalability when it comes to bandwidth, which they often don’t. (Without a massive bandwidth bill, that is.)
Two types of targets
With two types of attackers come two types of targets. The average small website that largely flies under the internet’s radar may not have to worry about being slammed by a multi-vector attack from a professional cyberattacker, but the owners of those websites can’t assume they’re immune to DDoS attacks. Thanks to those DDoS for hire services, almost every website on the internet is a potential target for bored users looking to get the most bang for their buck. Not only are these websites at risk of attack, but they may also find themselves on the receiving end of the extortion attempt that accompanies a DDoS ransom note.
Conversely, online gaming sites or online casinos have no reason to sweat those low-volume attacks coming from DDoS for hire services. However, sites whose revenue depends on their users, such as ecommerce sites, need to be very concerned about that uptick in attack complexity as well as the onslaught accompanying the increased attack frequency. Internet users simply have too many options to stick with a website experiencing outages from one of the most widely known internet threats.
The only good news business and website owners are going to get when it comes to distributed denial of service attacks will stem from their professional DDoS protection. Without these mitigation measures, it’s going to be all bad news for the foreseeable future.
Author: Debbie Fletcher
