The Distributed Denial of Service landscape is changing significantly, according to the January threat report (PDF) from DDoS mitigation provider Black Lotus. Some of the key trends reported include: “Distributed reflection Denial of Service” (or DrDoS) enabling massive attacks exceeding 100 gigabits per second; attacks targeting infrastructure rather than applications directly; and DDoS attacks from mobile devices (or mDDoS) now reaching significant levels.
The latest report outlines some of these trends using data from Black Lotus’ network and customer base in December 2013. In December, the average DDoS attack size was 3.1 Gbps and 1.5 million packets per second, which is enough to flood many organizations with requests and prevent legitimate traffic from reaching its intended destination.
Even larger enterprises that have the bandwidth necessary to handle high-volume attacks may find that their networks lack the infrastructure to process large bit or packet volumes. DDoS attack detection and mitigation infrastructure can also be handicapped by the network equipment and by the bandwidth available to the company, which is often 10 Gbps or less.
The largest single attack that Black Lotus came across in December was 137 Gbps and 37 Mpps. Mobile traffic contributed to the size of this attack. Black Lotus specifically singled out the high-speed LG Dacom (or LG U+) mobile service as a major contributor.
Attacks over the period have also often sought out weaknesses in individual server applications (known as “layer 7” attacks), depleting resources and causing the server to become unresponsive. Attackers often use a multi-vector technique that strikes a target with multiple types of traffic to find weaknesses in the target’s defenses. The most common applications targeted were HTTP servers and DNS servers.