Large-scale DDoS attacks grow bigger and more diversified
In addition to increasing attack sizes, attack volume grew in Q4 2012 and reached the highest number of attacks Prolexic has logged for one quarter.
Traditional Layer 3 and Layer 4 infrastructure attacks were the favored attack type, accounting for 75 percent of total attacks during the quarter, with application layer attacks making up the remaining 25 percent. This split has remained consistent throughout 2012.
This quarter, SYN (24 percent), GET (20 percent), ICMP (18 percent) and UDP (15 percent) floods were the attack types most often encountered during mitigation.
Average attack duration increased 67 percent from 19.2 hours in Q3 2012 to 32.2 hours this quarter. November was the most active month for attacks, however, the total number of attacks for all three months of the quarter were consistent, showing a less than 10 percent difference from month to month. The week of Nov. 26 was the most active of the quarter, although only by a narrow margin.
As is commonplace, the top 10 list of source countries responsible for launching the most DDoS attacks was fluid. However, this quarter China secured the top place in attack source country rankings by a wide margin.
Compared to last quarter, the United States dropped down in the rankings, while two European countries, France and Germany, rejoined the top 10 list.
“The take away for businesses from this Q4 report is to make sure that their DDoS mitigation provider can handle attacks in excess of 50 Gbpsin a single location,” said Scott Hammack, Prolexic CEO. “When attacks are this large, it’s important that the provider can mitigate this volume of attack traffic in one place and distribute it effectively so it does not compromise intermediary transit providers and affect others.”
Highlights from Prolexic’s Q4 2012 Global DDoS Attack Report:
Compared to Q3 2012
- 27.5 percent increase in total number of attacks
- 17 percent increase in total number of infrastructure attacks; 72 percent rise in total number of application attacks
- 67 percent increase in average attack duration to 32.2 hours from 19.2 hours
- 20 percent increase in average attack bandwidth from 4.9 to 5.9 Gbps
- China retains its position as the top source country for DDoS attacks.
Compared to Q4 2011
- 19 percent increase in total number of DDoS attacks
- 15 percent rise in total number of infrastructure attacks; 30 percent rise in total number of application attacks
- 6 percent decline in average attack duration to 32.2 hours from 34
- 13 percent increase in average attack bandwidth from 5.2 Gbps to 5.9 Gbps.