
DDoS tools fuel growth in large attacks, says Prolexic

Bigger and definitely much nastier

The number of DDoS attacks reached its highest-ever level for a single quarter in the last three months of 2012, recording 19 percent year-on-year growth, mitigation vendor Prolexic has reported.

The key to understanding DDoS trends is deciding what actually matters. Is it the total number of attacks, their average size, the number of rarer massive attacks, or the type of attack employed?

Judging from Prolexic's customer base, the news is mostly bad. With the exception of a slight drop in attack duration to 32 hours compared to Q4 2011, all the other DDoS numbers show a modest but unmistakable shift towards red.

Year-on-year average attack bandwidth rose from 4.9Gbps to 5.9Gbps, with attack volumes jumping a notch in 2012 compared to a year earlier.

Three quarters of attacks are still at layer 3 and 4, which means they are packet-based attacks targeting network infrastructure; the remaining 25 percent are more complex layer 7 attacks that try to overload applications.

The company detected seven attacks greater than 50Gbps, it said, with one or two above even that huge level.

The deeper question worth asking is whether the numbers really help explain changes in the motivation of those doing the attacking or on whose behalf attacks are being carried out.

Prolexic underlines the rise of one botnet attack tool in particular, itsoknoproblembro, as being noteworthy for its connection to a number of highly targeted attacks on the US financial sector during the second half of 2012.

Prolexic doesn't say it, but these have been serious enough to catch the attention of the US authorities, which now suspect a state-sponsored attack on US banks by Iran.

The challenge of itsoknoproblembro is its sophistication, allowing "automated reconnaissance, exploitation, infection and attack management," to borrow Prolexic's own description.

More than half of attacks originate in China (which doesn't mean they're necessarily under Chinese control), followed by Germany, India, Egypt and Pakistan with between roughly five and ten percent each.

"The fourth quarter was defined by the increasing scale and diversity of DDoS attacks. While bandwidth attacks of 20 Gbps were the story last quarter, 50 Gbps is more relevant now," said Prolexic CEO, Scott Hammack.

"The take away for businesses from this Q4 report is to make sure that their DDoS mitigation provider can handle attacks in excess of 50 Gbps in a single location," he added.

"When attacks are this large, it's important that the provider can mitigate this volume of attack traffic in one place and distribute it effectively so it does not compromise intermediary transit providers and affect others."

