DDoS attacks resemble Advanced Persistent Threats in sophistication

Imperva has released its Q2 2015 Global DDoS Trends Report. The report findings, based on over 3,000 mitigated DDoS attacks and 60 million blocked bot sessions across all sites which were protected using Imperva Incapsula, show a high frequency and long duration of DDoS attacks against organizations during the period from March 1 through May 7, 2015.

  • 8 years ago Posted in

The report also details DDoS attacks that are beginning to resemble advanced persistent threats, evidenced by long durations, repetition and changing attack vectors aimed at evading simple, signature-based defense systems. At the other end of the spectrum, there is increased evidence that inexpensive botnet-for-hire services are being used to perpetrate attacks. With these tools costing as little as $19.99 per month, and available for online purchase using Bitcoin, the barrier to mounting attacks has dropped significantly.


Key report findings include:
Some companies face advanced, persistent DDoS. The longest attack seen during the research period was 64 days, with many other sustained attempts to bring down sites observed. The researchers also noted a shift in DDoS bot populations, with more and more impersonator bots assuming non-generic identities, in an effort to bypass rudimentary signature-based security solutions. The long durations and advanced, signature evading methods suggest DDoS is beginning to resemble advanced persistent threats, also known as APTs.
Companies that are attacked will likely be attacked again. Once targeted by an application layer attack, a website will likely be attacked again once every 10 days on average, with 17 percent of sites attacked more than five times, 10 percent attacked more than 10 times, and several sites that were attacked every day, during the 72-day research period.
DDoS attacks may continue for a sustained period. During the research period, seventy-one percent of all network layer attacks lasted under three hours, and over 20 percent last over five day?s.
Cheap ”botnet-for-hire” services endanger a growing percent of the Internet ecosystem. Short, single-vector attacks associated with botnet-for-hire services accounted for approximately 40 percent of all network layer attacks during the research period.


“Compared to just a few years ago, the frequency, sophistication and duration of attacks have noticeably increased based on our findings in the Q2 2015 Global DDoS Trends Report,” said Marc Gaffan, general manager for the Incapsula service at Imperva. “Professional hackers are mounting advanced attacks that are now resembling advanced persistent threats. We believe that this increased sophistication is due to attackers studying how DDoS mitigation solutions detect and block attacks and implementing new techniques to attempt to bypass them. As a result, it’s important for enterprises of all sizes to understand the risks DDoS attacks pose and create a readiness plan.”

Research shows ‘game needs to be changed,’ with security innovation years behind that of the...
Node4 has released its Mid-Market IT Priorities Report 2021. The independent report reveals that...
Atos has launched Atos OneCloud Sovereign Shield, a set of solutions, methodologies, and...
New distribution agreement set to bolster Westcon-Comstor’s Zero Trust offering in more markets...
Research from Avast has found that employees in almost a third (31%) of Small and Medium...
This year, over half of MSPs or their end customers have been attacked by ransomware but only 53%...
Trend Micro has published new research revealing that 90% of IT decision makers claim their...
Cyber consultants call on businesses to act now, or risk budgets shrinking further in ‘real...