Distributed denial of service (DDoS) attacks continue to grow in size and sophistication, with network layer attacks reaching record levels in the fourth quarter of 2016, Imperva reports.
According to the company’s latest quarterly Global DDoS Threat Landscape Report, the emergence of powerful Internet of Things (IoT) botnets and the declining costs of DDoS-for-hire services are driving the increased threat of disruptive DDoS attacks. While network layer attacks grew in size, application layer incidents increased in frequency, the report reveals.
The largest DDoS attack mitigated by Imperva in Q4 2016 was a 650 Gbps (gigabit per second) assault fueled by the IoT botnet called Leet Botnet (in the previous quarter, Akamai dealt with a similar attack, which was fueled by the Mirai botnet). The last three months of 2016 also registered the longest network layer attack of the year, which lasted for 29 days.
During the last quarter of 2016, Imperva mitigated an average of 280 network layer attacks per week, totaling 3,603 and marking a 39.4% drop from the previous quarter. Most of the attacks were very short, with 89% of them lasting for less than one hour, the security company says.
Single-vector network attacks went up to a yearly high of 71%, while the percentage of assaults in which five or more different payloads were used dropped from 3.9% in Q3 to 1.9%.
“With respect to multi-vector attacks, the downward trend we’re seeing can likely be attributed to the increase in less-sophisticated assaults being instigated by non-professional perpetrators using botnet-for-hire services,” Imperva says.
In the October – December timeframe, Imperva mitigated 11,727 application layer attacks, for an average of 889 per week, a 2.9% increase from Q3 2016. The largest incident reached 91,209 RPS (requests per second), being significantly smaller compared to the annual high of 173,633 RPS registered in the prior three months. The longest attack lasted 47 days, but most attacks (74.7%) lasted less than an hour.
Attack frequency went up, with 58.3% of targets being hit multiple times, compared to 54.7% in Q3. Furthermore, 13.1% of sites were targeted more than ten times during the timeframe, “the highest figure ever recorded for this attack frequency category,” according to Imperva.
The quantity of sophisticated, browser-based bots that retain cookies and execute JavaScript rose to 13.6% in Q4, up from only 8.0% in Q3. “But primitive bots are still predominant and reflect the growing use of botnet-for-hire services. Over the past year, Incapsula has detected a noticeable correlation between the level of bot sophistication and attack duration,” the security firm notes.
When it comes to botnet activity in the timeframe, China emerged as the top attacking country at 78.5%, followed by Vietnam at 4.5%, and South Korea at 2.9%. The United States was the most targeted country at 56.7%, followed by the United Kingdom at 9.6% and the Netherlands at 8.6%. These numbers do not mean the actual threat actors behind the attacks are located in those countries.
Related: IoT Botnets Fuel DDoS Attacks Growth: Report
Related: What’s the Fix for IoT DDoS Attacks?