DDoS Attacks Continue to Rise in Power and Sophistication

Distributed denial of service (DDoS) attacks observed in the first quarter of 2016 grew more advanced and more sophisticated, Imperva’s Global DDoS Threat Landscape Q1 2016 reveals. This should not come as a surprise, as DDoS attacks have been growing in both size and sophistication for years, but Imperva’s latest report provides a glimpse into some new tools and attack methods being used by threat actors.

According to the security firm, cybercriminals are experimenting with elaborate tools and attack methods to carry out network assaults. Imperva researchers observed changes in both application and network layer attacks and also say that there has been a shift in the activity of DDoS botnets.

When it comes to application-layer attacks, cybercriminals have increased the use of browser-like DDoS bots capable of bypassing standard security challenges by 36.6 percent, although the increase was only 6.1 percent in the previous quarter. Additionally, attackers are trying new ways of executing application-layer assaults, such as an HTTP/S POST flood in an 8.7 gigabits per second Layer 7 attack.

Researchers also note that the frequency of attacks continued to increase in the first quarter of 2016, as 50 percent of the attacked sites were targeted more than once. Moreover, they found that 31.8 percent of websites were targeted between two and five times, up from only 26.7 percent before.

Out of 5,267 application-layer attacks during the timeframe, 87.8 percent lasted for more than 30 minutes, with the longest lasting for 36 days (and still ongoing). The largest attack that Imperva saw peaked at 100,100 requests per second. Additionally, the researchers found that 18.9 percent of DDoS bots could bypass cookie challenges, and 17.7 percent of them could bypass both cookie and JS challenges.

In the network layer DDoS attacks segment, the security company observed a 33.9 percent increase in multi-vector attacks, as perpetrators tend to combine high Gbps and high Mpps attack vectors. The largest attack witnessed peaked at 200+ gigabits per second, with the highest attack rate reaching 120+ million packets per second.

Imperva says that it mitigated a total of 3,791 network layer attacks in the first three months of the year, and that the longest lasted 48.5 hours. The security company also notes that it encountered multiple 100+ Gbps assaults, that 50+ Mpps attacks occurred every four days, and that an 80+ Mpps assault was recorded every eight days, on average.

During the three-month period, researchers also observed an increase in botnet activity in South Korea, which was the origin of 29.5 percent of DDoS botnet attacks, with most of the attacks originating from Nitol (52.9 percent) and PCRat (38.2 percent) botnets. Over 38.6 percent of these attacks were launched against Japanese websites, while another 30.3 percent targeted US-hosted sites, researchers say.

In addition to an increase in the use of Nitol in the first quarter of the year, Imperva observed a steep growth in the use of Generic!BT bot, a Trojan that usually compromises computers running Windows OS. First identified in 2010, the malware’s variants are now used in DDoS attacks from 7,756 unique IPs located in 52 countries, most of which are located in Russia (52.6 percent) and Ukraine (26.6 percent).
