
Super-Charged DDoS Attacks Spike In 2012

This year has seen distributed denial of service (DDoS) attackers massively increase the power of their attacks, according to figures exclusively shown to TechWeekEurope.

DDoS attacks see servers overwhelmed with traffic, causing a target’s website to go down. All kinds of organisations use DDoS attacks, from hacktivists like Anonymous to private companies wanting to stymie competition, and figures have shown they are upping their efforts.

The average size of an attack went up 27 percent in 2012, hitting 1.56Gbps in June, compared to 1.23Gbps in 2011, second quarter data from anti-DDoS vendor Arbor Networks showed. June’s average attack speed was 82 percent up on the same month in 2011.

There was also a return to growth in super-powered hits, with a 105 percent rise in the proportion of DDoS attacks measuring in at over 10Gbps. Between 2011 and 2010 that proportion was down 34 percent.

Multi-vector DDoS attacks

Arbor told TechWeekEurope that attackers were increasingly combining big volumetric attacks with stealthy application-level attacks, which are harder to identify due to a lower level of traffic.

“We are still seeing a lot of the more stealthy application layer attacks going on out there, although now they are quite often accompanied by a volumetric attack. Attackers have learned that by generating application and volumetric attacks (multi-vector) at the same time they can take sites and services down, and keep them down, for longer periods,” said Darren Anstee, solutions architect at Arbor.

“Using multiple vectors makes it more difficult for operational security teams to figure out exactly what is going on, as different parts of the attack can impact different areas of infrastructure. Application layer attacks target the application servers, state-exhaustion attacks target firewalls, load balancers etc.”

Despite the rise in DDoS power, the highest-powered attacks have hit something of a plateau. The biggest monitored attack so far this year came in at 100.84Gbps and lasted 20 minutes, so 2011’s record of 101.394Gbps has not yet been surpassed in 2012.

“It does appear that on the Gigabit per second side of things, right at the top end, attack sizes may have plateaued. Why? It could be that 100Gbps of attack traffic is ‘all’ that is required to take down anything that has been targeted thus far, or, we could have reached some kind of limitation in some of the tools,” Anstee said.

For the first time, the port used for Xbox Live connections (port 3074) showed up in Arbor’s findings, accounting for 0.76 percent of attacks. Port 80, used by the HTTP protocol, is the prime target for DDoSers, with 29 percent of strikes hitting it in Q2.

“There are unfortunately quite a lot of attacks between on-line gamers (this is multiplayer online gaming, rather than gambling). These attacks are used either to give one player an advantage over another, or avenge a defeat,” Anstee added.

Botnets are a major part of the problem, as TechWeekEurope’s recent investigation into the underground DDoS market found. Law enforcement and industry firms continue to work with one another on knocking down botnets, as seen in last week’s effort to kill off super-spammer Grum. But most believe arrests are needed to truly counter the rise of malicious networks.


Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

Comments

    • Hi,

      Data comes from Arbor Networks' ATLAS initiative, which gets data from over 230 ISPs and from across its own user base, monitoring almost real-time information. ATLAS monitors a big portion of Internet traffic, reaching peaks of over 34Tbps.

      Thanks
      Tom Brewster, Deputy Editor
