Top-End DDoS Attack Bandwidth Surges Sevenfold: Report

The average bandwidth of large DDoS attacks in the first quarter rose to more than 48G bps. Application-layer attacks continued to account for about a quarter of all attacks.

The average size of the largest distributed denial-of-service (DDoS) attacks jumped sevenfold in the first quarter of 2013, as attackers flooded networks with massive amounts of data packets, Internet-security firm Prolexic stated in its latest threat report.

Fueled by compromised servers running malicious "booter" scripts, denial-of-service attacks on Prolexic clients, which see some of the largest attacks, surged to 48G bps from an average of 6.1G bps the year before. The average attack sent 32 million packets per second, about eight times greater than a year before.

Attacks that flood networks with smaller packets "put a lot more stress on the routers and the equipment on the edge because those machines have to deal with those packet loads," Stuart Scholly, president of Prolexic, told eWEEK. "That is where the attackers can cause a lot more strain on the environment by tying up resources."

While financial institutions continued to be targeted by large bandwidth DDoS attacks during the first three months of 2013, many other industries were attacked as well, including bitcoin exchange Mt.Gox, and the largest attack yet against an unnamed firm allegedly topping 300G bps. However, Prolexic stated that the largest attack against a single network was only 130G bps.

On April 19, a large DDoS attack interrupted operations at community comment site Reddit. Whether the attack had links to Reddit readers' spotty reporting regarding potential Boston Marathon bombing suspects is unknown, Marty Meyer, president of Corero Network Security, said in a statement.

"At the end of the day, we still have yet another high-profile DDoS attack in what is becoming a daily routine of sites being flooding with unwanted traffic. Attacks are moving beyond banks and retailers," he said.

Prolexic tends to protect companies hit with the largest attacks, making its data less representative of the overall DDoS attack landscape and more representative of the highest-profile attacks.

On April 22, network security firm Arbor Networks, which makes appliances for mitigating DDoS attacks, will release its own report finding that the average attack grew to 1.77G bps, compared with 1.48G bps in the same quarter in 2012. Arbor's network covers some 90 percent of Tier-1 service providers and many Tier 2 and 3 providers.

Prolexic "will typically only see an attack when it is diverted to them," Carlos Morales, Arbor Networks' vice president of global sales engineering and operations, told eWEEK in an email. "The biggest attacks are the ones that are most likely to be diverted to a cloud provider such as Prolexic, so this may explain why they claim such a high average."

Nearly a quarter of the attacks that Prolexic defended against were aimed at overwhelming Web applications and other services by crafting resource-intensive requests. Such application-layer attacks have become more popular and are frequently embedded in the larger infrastructure attacks. The average attack duration rebounded from its slow decline in past quarters, rising to 34.5 hours from 32.2 hours in the previous quarter.

Robert Lemos

Robert Lemos

Robert Lemos is an award-winning freelance journalist who has covered information security, cybercrime and technology's impact on society for almost two decades. A former research engineer, he's...