Large DoS Attacks More Than Quadruple in 2013: Study

The majority of denial-of-service attacks now exceed 1G bps, according to a new report from Arbor Networks.


While the vast majority of denial-of-service attacks continues to be the typical background "noise" of rival gamers, online criminals and Internet vandals causing problems for each other, the more serious, higher-bandwidth attacks have quadrupled, according to a quarterly report released Oct. 16 by Arbor Networks.

Denial-of-service (DoS) attacks exceeding 20G bps, which will overwhelm almost any online service's bandwidth, more than quadrupled so far in 2013, compared with the previous year, according to the network management firm. While the attacks account for only approximately 1 percent of all data floods, the increase in large-bandwidth DoS attacks suggests that more serious groups are now using denial of service as a common tactic.

The surge in the number of "over 20G bps attacks shows that you have a lot of activity driven by other motivations," Dan Holden, Arbor's director of security research, told eWEEK. "That number increasing that much is showing that there is a lot of growth in more serious attack motivations."

Denial-of-service attacks are increasingly used as part of hacktivism and cyber-criminal campaigns in a variety of ways. Extortion scams used packet floods to overwhelm online gambling, retail and other sites that quickly lose money if their customers cannot connect; paying the ransom will allegedly stop the attacks, for a while. Online thieves use DoS attacks to distract defenders at financial institutions, so they are less vigilant during account thefts. Hacktivists, such as the al Qassam Cyber Fighters, disrupted financial institutions to incur costs to Western companies.

Yet most attacks are gamers who use short DoS attacks to kick opponents offline during a game, rival cyber-criminal organizations who seek advantage in the underground and Internet vandals who do it for fame. These "short, sharp" attacks have dominated packet floods, according to Holden. While the bandwidth used by the average DoS attack jumped 78 percent, seven out of every eight attacks lasts less than an hour.

"Historically, most of your DDoS [distributed denial of service]... is gamers and is very typical of what we all did on IRC [Internet Relay Chat] in the '90s," Holden said. Online arguments among early hackers occasionally devolved into battles to kick each other offline. "If you have enough bandwidth at home, or a small botnet, you can easily take someone offline."

Attacks that used bandwidth of more than 10G bps accounted for more than 4 percent of all attacks, while the largest confirmed DoS attack topped 191G bps, according to Arbor. Those more serious packet floods lasted 2 hours and 17 minutes on average, the report stated.

While larger-bandwidth attacks are becoming the norm, Holden pointed out that the increases are partially offset by the growth in capacity of the Internet. In many ways, attackers have to increase the size of their attacks just to have the same impact as in the past, he said.

Robert Lemos

Robert Lemos

Robert Lemos is an award-winning freelance journalist who has covered information security, cybercrime and technology's impact on society for almost two decades. A former research engineer, he's...