DDoS attacks rose by 20 percent last quarter, and have risen across the board in size, strength, and duration, according to the latest report from DDoS mitigation provider Prolexic. The Q2 2013 report identified major increases in both the bandwidth and packet-per-second (pps) rates of DDoS attacks.
The average pps rate reached 47.4 Mpps, up 46 percent over the previous quarter. This increase, though substantial, represents a slower rate of growth after major jumps in Q3 and Q4 2012. Compared to Q2 2012, the total increase in average pps rate was 1,655 percent.
The bandwidth of attacks also rose to 49.24 Gbps, which, like the pps rate, increased by a much slower 2 percent after huge increases in 2012. Attack bandwidth was 925 percent higher year over year, despite the limited growth of the last quarter.
“This quarter we logged increases for all major DDoS attack metrics, and some have been significant. DDoS attacks are getting bigger, stronger and longer,” Stuart Scholly, president at Prolexic, said in a statement. “We believe this growth is being fueled by the increasing prevalence of compromised Joomla and WordPress web servers in increasingly large botnets.”
Attack duration also increased by 10 percent over the previous quarter, bringing the total increase in attack duration to 123 percent compared with a year ago. This increase follows a significant decrease in attack duration in 2011 and early 2012.
“Attack durations are likely increasing because perpetrators are less concerned about detection and protecting their botnets,” Scholly said. “The widespread availability of compromised web servers makes it much easier for malicious actors to replenish, grow and redeploy botnets.”
The increasing ease with which attackers use compromised servers to build botnets is troubling for hosting providers, as it carries not only the increased risk of being victimized directly by DDoS attacks, but also of having servers compromised and used against others.
Layer 3 and 4 infrastructure attacks outnumbered application layer attacks almost 3 to 1; however, Layer 7 application attacks increased by 79.4 percent, while infrastructure attacks increased by a less shocking 23.2 percent. SYN attacks were the most common type, representing nearly a third of the attacks observed by Prolexic.
Prolexic also recently foiled the largest DNS reflection attack ever recorded, and presents a case study of this attack in the Q2 report.
Prolexic identified software application development as an area in which potential abuse by attackers can be anticipated and reduced. Keeping an application's response size in bytes smaller than the incoming query decreases susceptibility to spoofing. Network operators and IT organizations can reduce threats by addressing security issues that might lead to servers becoming compromised.