14 DAY TRIAL // Prolexic Technologies has issued a report to detail the distributed denial-of-service (DDOS) attacks aimed at organizations in the third quarter of 2012.
Although a 14% decline has been recorded in the number of attacks compared to the previous quarter, their intensity grew considerably, on many occasions exceeding the 20Gbps limit.
“Last year, a DDoS attack in excess of 20 Gigabits per second was not able, but today it seems commonplace. To put this in perspective, very few enterprises in the world have a network infrastructure with the capacity to withstand bandwidth floods of this size,” said Stuart Scholly, president of Prolexic.
The figures show that compared to the second quarter of 2012, the intensity of the attacks has grown by 11% and their duration has increased to an average of 19 hours.
Another interesting fact is that China has been joined by the United States in being the top source countries for such cybercriminal operations.
The numbers may not look all that bad if we only compare them to the previous quarter, but if we extend the comparison to the same period of 2011, things are somewhat different.
The total number of DDOS attacks recorded by Prolexic has increased by 88% compared to Q3 2011. The attack duration might have decreased from 33 to 19 hours, but the average bandwidth has increased by 230%.
Similar to last quarter, Layer 3 and Layer 4 infrastructure DDOS attacks were favored by cybercriminals.
Besides the classic attacks – SYN floods, UDP floods, ICMP floods, GET floods and UDP fragment floods – experts have also noticed some uncommon types such as SYN PUSH, FIN PUSH and RIP floods. With these additions, the number of DDOS attack types has gone up to 18.
“In the attacks Prolexic mitigated, RIP floods were utilized in a reflection attack. RIP is a legacy routing protocol not typically used as a DDoS attack vector. The inclusion of unexpected protocols in attack campaigns highlights the continued evolution and threat of DDoS toolkits,” said Scholly.
The complete Prolexic Quarterly Attack Report for Q3 2012 is available here.