The recent attacks on the banking industry have put Distributed Denial of Service (DDoS) attacks in the spotlight. Expect to keep seeing stories about DDoS attacks because, according to some new research, these types of attacks are on the rise.
Prolexic keeps track of DDoS attacks on a quarterly basis and released some very interesting numbers this week. Over a calendar year, from the third quarter of 2011 through the third quarter of 2012, there was an 88 percent increase in the total number of DDoS attacks. However, from the second quarter to the third quarter of 2012, there was a 14 percent decrease in the number of attacks.
Wait, didn’t I just say they were on the rise? Wasn’t there a big increase over a full year? So how was there a decrease between Q2 and Q3? It has to do with the way attacks are happening. This quarter, according to Prolexic, average attack bandwidth totaled 4.9 Gbps, up 11 percent from 4.4 Gbps in the previous quarter. As was stated in a Computerworld story:
Last year such high-bandwidth attacks were isolated incidents, but attacks that exceed 20Gbps in bandwidth occur frequently now. This is significant because very few companies or organizations have the necessary network infrastructure to deal with such attacks. There might be some companies with popular websites such as Google or Facebook that are able to handle such high-bandwidth floods, but most companies are not.
DDoS also appears to be the “attack of choice” for hacktivist groups and others who want to inflict damage. As Imperva Director of Security Strategy Rob Rachwald said in an email to me:
DDoS attacks are common among hacktivist groups such as Izz ad-Din al-Qassam Cyber Fighters and Anonymous because many attack tools are free to use and the impact of the attack scales as more volunteers are recruited. However, considering the size and effectiveness of these attacks, there is a distinct possibility that the Izz ad-Din al-Qassam Cyber Fighters are state sponsored. Foreign nations—even small ones—now have a means to attack US infrastructure and commerce, while passing the blame onto hacktivists.
In a new report, Imperva explained quite well why DDoS is the attack of choice:
DDoS attacks do not seek to breach data integrity or privacy; they can be conducted without the requirement of identifying vulnerabilities to exploit the application.
I suspect DDoS attacks are going to be something we continue to keep a closer eye on as we move into the fourth quarter of this year and as we begin thinking of top threats for 2013.