DDoS threats analysed in global threat report

Imperva has released its Q2 2017 Global DDoS Threat Landscape Report, a statistical analysis of more than 15,000 network and application layer DDoS attacks mitigated by Imperva Incapsula’s services during Q2 2017. Information about DDoS bot capabilities and assumed identities comes from a random sample of 39.1 billion DDoS bot requests collected from such assaults over the same period.

  • 6 years ago Posted in
Key findings from the report include:
  • Overall, the number of DDoS attacks decreased
  • A “Pulse wave” assault, a new form of attack that was identified by Imperva researchers earlier this year, was the largest attack of the quarter
  • The number of repeat attacks escalated and US websites were targeted more than any other sites around the world
  • Increased botnet activity was observed coming from Turkey, Ukraine and India
Igal Zeifman, Incapsula security evangelist at Imperva, explained:
“For the fifth consecutive quarter, we saw a decrease in the number of network layer assaults, which dropped to a 196 per week from 296 in prior quarter.  We also saw a small dip in application layer attacks, which fell to 973 per week from an all-time high of 1,099.

There is no reason to assume that the minor decline in the number of application layer assaults is the beginning of a new trend. Conversely, the persistent year-long downtrend in the amount of network layer attacks is a strong sign of a shift in the DDoS threat landscape. There are several possible reasons for this shift, one of which is the ever increasing number of network layer mitigation solutions on the market. The commoditization of such services makes them more commonplace, likely driving attackers to explore alternative attack methods.   
The largest network layer assault we mitigated in Q2 2017 peaked at 350 Gbps and was carried out using a new "pulse wave" tactic that we encountered on multiple occasions throughout the quarter, which enables an offender to pin down multiple targets with alternating high-volume bursts.
In the second quarter of the year, 75.9 percent of targets were subjected to multiple attacks—the highest percentage our research has ever recorded.  Notably, US-hosted websites bore the brunt of these repeat assaults—38 percent were hit six or more times, out of which 23 percent were targeted more than 10 times.  This increase in the number of repeat assaults is another clear trend and a testament to the ease with which application layer assaults are carried out.  What these numbers show is that, even after multiple failed attempts, the minimal resource requirement motivates the offenders to keep going after their target.
Even with mitigation solutions in place, such repeat assaults have a potential of becoming a war of attrition - an equivalent of laying siege on an impenetrable target. The prevalence of such attacks highlights the need for an automation of DDoS mitigation solutions, enabling them to deal with a slew of attacks without wearing down the IT team or causing any noticeable disruption to legitimate service users.

In Q2 we saw increased botnet activity out of Turkey, Ukraine and India. In Turkey, we recorded over 3,000 attacking devices that generated over 800M attack requests, more than double what we saw last quarter. In Ukraine and India, we recorded 4,300 attacking devices, representing a roughly 75 percent increase from Q1 2017. The combined attack output of Ukraine and India was 1.45 billion attack requests for the quarter.”
Research shows ‘game needs to be changed,’ with security innovation years behind that of the...
Node4 has released its Mid-Market IT Priorities Report 2021. The independent report reveals that...
Atos has launched Atos OneCloud Sovereign Shield, a set of solutions, methodologies, and...
New distribution agreement set to bolster Westcon-Comstor’s Zero Trust offering in more markets...
Research from Avast has found that employees in almost a third (31%) of Small and Medium...
This year, over half of MSPs or their end customers have been attacked by ransomware but only 53%...
Trend Micro has published new research revealing that 90% of IT decision makers claim their...
Cyber consultants call on businesses to act now, or risk budgets shrinking further in ‘real...