A continuing trend of distributed denial-of-service (DDoS) attacks that are short in duration and repeated frequently has been revealed by the NSFOCUS 2014 Mid-Year Threat report.
In parallel, high-volume and high-rate distributed denial of service (DDoS) attacks were on the upswing in the first half of 2014.
DDoS traffic volume was up overall with one-third peaking at more than 500M bps and more than five percent reaching up to 4G bps.
In addition, findings showed that over 50 percent DDoS attacks were above 0.2M pps (packets per second)in the first half of 2014, increasing from around 16 percent. More than 2 percent of DDoS attacks were launched at a rate of over 3.2M pps, according to the report.
“The DDoS attack is a relatively easy attack method to be employed with noticeable effects among other network attacks. When online service is stopped, the impact and damage it causes is very apparent and straightforward,” Xuhua Bao, senior researcher at NSFOCUS, told eWEEK. “Attacks with high frequency make it hard for attack’ targets to respond to instantly, increasing the difficulty of the defense level.”
The longest single attack lasted nine days and 11 hours, or 228 hours, while the single largest attack in terms of packet-per-second (pps) hit at a volume of 23 million pps.
More than 42 percent of attack victims were targeted multiple times while one in every 40 victims was repeatedly hit more than 10 times. The highest frequency of attacks experienced by a single victim was 68 separate DDoS attacks.
“Today, DDoS attack methods have become highly instrumental and resourceable. When an attacker plans to launch a DDoS attack on a specific target, there are plenty of DDoS attack tools and resources available online to be purchased and used,” Bao said. “With the rise of hacktavism in recent years, DDoS attacks have become a means of protesting or expressing your own opinion, which is widely used by some hacker groups.”
The report revealed HTTP Flood, TCP Flood and DNS Flood were the top three attack types, together making up 84.6 percent of all attacks.
DNS Flood attacks held their place as the most popular attack method, accounting for 42 percent of all attacks. While the number of DNS and HTTP Flood attacks decreased, TCP Flood attacks grew substantially.
More than 90 percent of attacks detected lasted less than 30 minutes, an ongoing trend the report said indicates that latency-sensitive websites, such as online gaming, e-commerce and hosting service should be prepared to implement security solutions that support rapid response.
The survey also indicated an increase in Internet service providers (ISPs), enterprises and online gaming sites as targets. Attacks targeting ISPs increased by 87.2 percent, while attacks on enterprises jumped by 100.5 percent and online gaming by 60 percent.
“The online gaming industry has been a target of DDoS attacks and are mainly profit-driven. The nature of online gaming relies greatly on the Internet service and often there is a huge amount of money involved making them extremely sensitive to attacks,” Bao said. “When they are being attacked, there are obvious and direct economic losses, as well as the loss of the resources from players, which leads to malicious competition and extortion.”