Amid an increase in frequency of repeat application layer distributed denial of service (DDoS) attacks during the second quarter of the year, over 75% of targets were hit multiple times, according to statistics from Imperva.
The company’s Global DDoS Threat Landscape for Q2 2017 shows an increase in the amount of persistent application layer assaults over a one-year period. Thus, while only 43.2% of targets were subjected to multiple attacks in the second quarter of 2016, the percentage increased to 75.8% during the same three-month window this year.
The number of application layer attacks observed each week has reached 973 in Q2 2017, down from 1,099 per week in the previous quarter. The number of mitigated network assaults decreased as well, falling from 296 per week in the prior quarter to only 196 per week.
The largest network layer attack that Imperva mitigated during the quarter peaked at 350 Gbps (gigabit per second) and employed a new tactic called a pulse wave attack. First described in August, this method of launching DDoS attacks can be used to pin down multiple targets with alternating high-volume bursts.
Imperva’s report also reveals that United States websites were hit the most with repeat application layer attacks. While the global percentage of targets hit multiple times is of 75.8%, it reaches 80.3% when U.S. websites are considered. Furthermore, the majority of targets that suffered 50 or more attacks were hosted in the US.
Multi-vector attacks went down significantly during the quarter, to only 21.7%, after reaching a record high 40.5% during the previous quarter. The decrease, Imperva says, can be attributed to the steep drop in 2-vector assaults, which fell from 33.5% to 9.4% quarter over quarter. 78.3% of all attacks consisted of a single vector, the company reveals.
The quarter also marked a continuation of a trend toward short burst network layer attacks (91.7% of assaults lasted less than an hour). Most of these attacks can be attributed to botnet-for-hire, but pulse wave assaults and probing attempts also added to the numbers. Overall, 82.5% of attacks lasted less than 30 minutes, while the longest attack of Q2 2017 lasted for more than 147 hours.
The largest application layer attack observed during the quarter peaked at 89,134 requests per second, which was merely half of the 176,393 RPS attack registered during the previous quarter. On the other hand, the attack lasted for 48 days, more than twice as long as the one in Q1 2017.
During Q2 2017, 57.4% of all application layer assaults lasted for less than 30 minutes, while the number of persistent attacks increased, with 7.4% of attacks lasting more than six hours and 1.7% being longer than 24 hours.
According to Imperva, the number of primitive bots grew from 90.4% in Q1 to 97.9% in Q2, which reflects an increase in non-sophisticated application layer attacks typically associated with botnet-for-hire services.
Attacks against the U.S. accounted for 79.7% of all attacks, although the country was home to only 61.4% of targets. According to Imperva’s report, 38% of DDoS targets in the U.S. were exposed to six or more DDoS attacks in the span of the quarter.
China remained the top attacking county, with more than 360,000 attacking devices and 63% of attack traffic. Imperva also reports an increase in attack traffic out of Turkey, Ukraine and India.