Network Layer DDoS Attacks Hit Record Levels: Imperva

Distributed denial of service (DDoS) attacks continue to grow in size and sophistication, with network layer attacks reaching record levels in the fourth quarter of 2016, Imperva reports.

According to the company’s latest quarterly Global DDoS Threat Landscape Report, the emergence of powerful Internet of Things (IoT) botnets and the declining costs of DDoS-for-hire services are driving the increased threat of disruptive DDoS attacks. While network layer attacks grew in size, application layer incidents increased in frequency, the report reveals.

The largest DDoS attack mitigated by Imperva in Q4 2016 was a 650 Gbps (gigabit per second) assault fueled by the IoT botnet called Leet Botnet (in the previous quarter, Akamai dealt with a similar attack, which was fueled by the Mirai botnet). The last three months of 2016 also registered the longest network layer attack of the year, which lasted for 29 days.

During the last quarter of 2016, Imperva mitigated an average of 280 network layer attacks per week, totaling 3,603 and marking a 39.4% drop from the previous quarter. Most of the attacks were very short, with 89% of them lasting for less than one hour, the security company says.

Single-vector network attacks went up to a yearly high of 71%, while the percentage of assaults in which five or more different payloads were used dropped from 3.9% in Q3 to 1.9%.

“With respect to multi-vector attacks, the downward trend we’re seeing can likely be attributed to the increase in less-sophisticated assaults being instigated by non-professional perpetrators using botnet-for-hire services,” Imperva says.

In the October – December timeframe, Imperva mitigated 11,727 application layer attacks, for an average of 889 per week, a 2.9% increase from Q3 2016. The largest incident reached 91,209 RPS (requests per second), significantly smaller than the annual high of 173,633 RPS registered in the prior three months. The longest attack lasted 47 days, but most attacks (74.7%) lasted less than an hour.

Attack frequency went up, with 58.3% of targets being hit multiple times, compared to 54.7% in Q3. Furthermore, 13.1% of sites were targeted more than ten times during the timeframe, “the highest figure ever recorded for this attack frequency category,” according to Imperva.

The share of sophisticated, browser-based bots that retain cookies and execute JavaScript rose to 13.6% in Q4, up from only 8.0% in Q3. “But primitive bots are still predominant and reflect the growing use of botnet-for-hire services. Over the past year, Incapsula has detected a noticeable correlation between the level of bot sophistication and attack duration,” the security firm notes.

When it comes to botnet activity in the timeframe, China emerged as the top attacking country at 78.5%, followed by Vietnam at 4.5%, and South Korea at 2.9%. The United States was the most targeted country at 56.7%, followed by the United Kingdom at 9.6% and the Netherlands at 8.6%. These numbers do not mean the actual threat actors behind the attacks are located in those countries.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
