DDoS Targets, Motivations Evolve as Attack Volumes Hit New Peaks

Criminals and rogue gamers have become the main sources of distributed denial-of-service attacks, as the peak attack size reaches 500G bps.

Download the authoritative guide: The Ultimate Guide to IT Security Vendors

DDoS Attacks Evolve

Distributed denial-of-service attacks used to be reserved as the not-so-subtle tool of vandals and hacktivists.

Increasingly, however, other actors are using DDoS attacks for a variety of ends. Criminals clog networks to demonstrate their capabilities and extort money from companies. Rogue gamers attack rivals to gain advantage in online arenas. In fact, criminal and online gaming- and gambling-related motivations topped the list of suspected reasons for DDoS attacks in 2015.

"It definitely points to how this is becoming more of a mainstream tool in hackers' arsenals compared to the past when it was more often done as more of a nuisance or antagonistic way, rather for criminal gain," Gary Sockrider, principal security technologist at Arbor Networks, told eWEEK.

The most recent data from Arbor and other companies shows an evolving picture of DDoS attacks. In its 11th Worldwide Infrastructure Security Report, Arbor Networks found that, in addition to changing motivations, the peak bandwidth of the most powerful attacks has increased, attackers are more likely to target specific applications and attacks against voice-over-IP (VOIP) services have increased.

The report surveyed IT and security professionals at Internet service providers, enterprises, government agencies and educational institutions on the denial-of-service trends witnessed by their organizations.

In a separate analysis, security firm Kaspersky Lab found that while the attacks targeted resources in 69 countries, just three nations—China, South Korea and the United States—accounted for more than 80 percent of all targets. In its latest State of the Internet report, Akamai found that the United Kingdom, China and the United States were the largest sources of attacks.

"It has been pretty dramatic, over the past year, how popular DDoS has become," said David Fernandez, editor in chief of Akamai's State of the Internet report.

Nor is it surprising that peak attack volumes increase in 2015. The largest attack peaked at 500G bps, according to Arbor. And, the longest attack lasted more than 15 days, according to Kaspersky.

"The volumetric stuff gets the headlines and big numbers are scary, but it's not the whole story," Sockrider said. "The only time I'm surprised by the big numbers is when they don't get bigger."

The average target has to deal with more modest threats. The average attack consumes less than 500M bps and lasts less than 30 minutes, according to Arbor's data.

What does the future hold? Here are five trends to watch for in 2016, according to the data.

1. DDoS used for a greater variety of nefarious ends

In 2012, Internet service providers and companies targeted by DDoS attacks believed the largest proportion of attacks could be attributed to political and hacktivist attackers. In Arbor's 2012 Worldwide Infrastructure Security Report, ideological and political motivations accounted for a third of attacks, online gaming-related attacks accounted for 31 percent and vandalism accounted for 27 percent.

In the latest report, Arbor found that 42 percent of respondents blamed attacks on criminals trying to demonstrate their capabilities, another 41 percent connected attacks to online gaming and 35 percent to extortion. (Respondents could choose more than one motivation, so they total more than 100 percent.)

Robert Lemos

Robert Lemos

Robert Lemos is an award-winning freelance journalist who has covered information security, cybercrime and technology's impact on society for almost two decades. A former research engineer, he's...