- The nature of distributed denial of service (DDoS) attacks is evolving with more frequent and intense events of shorter duration now the norm
- Cyberattackers are training their sights on high-profile targets such as financial services but no organization is immune
The threat landscape is in a constant state of flux as hackers’ strategies shift and the targets of their attacks change. DDoS attacks offer one very revealing window into how the threat environment is changing. Incidents tracked by DDoS vendor Prolexic’s Engineering and Response Team (PLXsert) in Q1 2012 show that while the number of attacks remained relatively constant this quarter and last, the frequency of incidents surged 25% from Q1 2011. Financial firms proved a particularly attractive target for DDoS attacks: in Q1 2012, financial services firms were inundated with 65TB of data and 1.1 trillion packets of malicious traffic during DDoS attacks, up from 19.1TB of data and 14 billion packets the previous quarter. This represents an almost 80-fold increase in malicious traffic volume.
While DDoS traffic volumes aimed at financial services firms rose to dramatic heights, the duration of the attacks was significantly shorter than in the previous quarter. PLXsert reports that an average attack against a financial services firm in Q1 lasted 40 hours, down from 50 hours the previous quarter. The duration of DDoS attacks against all verticals fell even more dramatically, decreasing to an average of 28.5 hours last quarter from 65 hours in Q1 2011. There was also a six percent increase in the number of Layer 7 attacks targeting organizations across all industries. This reinforces the picture of a highly focused attacker that is using more sophisticated techniques to launch more intense attacks.
The DDoS attack information also provides some interesting insights into the source of the attacks. The top four countries of origin for attacks were, in order: China, the U.S., Russia, and India – all traditional botnet hotspots. By noting the number of IP addresses associated with each particular attack, Prolexic is able to get a general idea of the size of the botnets involved in each incident. Essentially, the larger the botnet is, the more powerful the attack.
This data paints an interesting – and worrying – picture of what is likely to happen in the coming months as hackers of all stripes look to engage in more attacks against high-profile targets. And it is not only the Goldman Sachs of the world that need to be on alert. In this environment, no one is safe, as we have seen with the hacktivist group Anonymous’ repeated successful attacks on the CIA and other public sector sites, including one just a few days ago.