Connect with us

Hi, what are you looking for?


Network Security

Three in Four DDoS Targets Hit Multiple Times: Imperva

Amid an increase in frequency of repeat application layer distributed denial of service (DDoS) attacks during the second quarter of the year, over 75% of targets were hit multiple times, according to statistics from Imperva.

Amid an increase in frequency of repeat application layer distributed denial of service (DDoS) attacks during the second quarter of the year, over 75% of targets were hit multiple times, according to statistics from Imperva.

The company’s Global DDoS Threat Landscape for Q2 2017 shows an increase in the amount of persistent application layer assaults over a one-year period. Thus, while only 43.2% of targets were subjected to multiple attacks in the second quarter of 2016, the percentage increased to 75.8% during the same three-month window this year.

The number of application layer attacks observed each week has reached 973 in Q2 2017, down from 1,099 per week in the previous quarter. The number of mitigated network assaults decreased as well, falling from 296 per week in the prior quarter to only 196 per week.

The largest network layer attack that Imperva mitigated during the quarter peaked at 350 Gbps (gigabit per second) and employed a new tactic called a pulse wave attack. First described in August, this method of launching DDoS attacks can be used to pin down multiple targets with alternating high-volume bursts.

Imperva’s report also reveals that United States websites were hit the most with repeat application layer attacks. While the global percentage of targets hit multiple times is of 75.8%, it reaches 80.3% when U.S. websites are considered. Furthermore, the majority of targets that suffered 50 or more attacks were hosted in the US.

Multi-vector attacks went down significantly during the quarter, to only 21.7%, after reaching a record high 40.5% during the previous quarter. The decrease, Imperva says, can be attributed to the steep drop in 2-vector assaults, which fell from 33.5% to 9.4% quarter over quarter. 78.3% of all attacks consisted of a single vector, the company reveals.

The quarter also marked a continuation of a trend toward short burst network layer attacks (91.7% of assaults lasted less than an hour). Most of these attacks can be attributed to botnet-for-hire, but pulse wave assaults and probing attempts also added to the numbers. Overall, 82.5% of attacks lasted less than 30 minutes, while the longest attack of Q2 2017 lasted for more than 147 hours.

Advertisement. Scroll to continue reading.

The largest application layer attack observed during the quarter peaked at 89,134 requests per second, which was merely half of the 176,393 RPS attack registered during the previous quarter. On the other hand, the attack lasted for 48 days, more than twice as long as the one in Q1 2017.

During Q2 2017, 57.4% of all application layer assaults lasted for less than 30 minutes, while the number of persistent attacks increased, with 7.4% of attacks lasting more than six hours and 1.7% being longer than 24 hours.

According to Imperva, the number of primitive bots grew from 90.4% in Q1 to 97.9% in Q2, which reflects an increase in non-sophisticated application layer attacks typically associated with botnet-for-hire services.

Attacks against the U.S. accounted for 79.7% of all attacks, although the country was home to only 61.4% of targets. According to Imperva’s report, 38% of DDoS targets in the U.S. were exposed to six or more DDoS attacks in the span of the quarter.

China remained the top attacking county, with more than 360,000 attacking devices and 63% of attack traffic. Imperva also reports an increase in attack traffic out of Turkey, Ukraine and India.

Related: Pulse Wave DDoS Attacks Disrupt Hybrid Defenses

Related: Network Layer DDoS Attacks Hit Record Levels: Imperva

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...