Denial of Service attacks are experiencing a surge in power and duration in the first months of 2013, with Iran joining China and The United States as a top source of the crippling online attacks.
The power of distributed denial of service (or DDos) attacks – measured in packets per second – jumped 718 percent in the first three months of 2013, compared to the final three months of 2012, the security firm Prolexic reported on Wednesday. The average bandwidth used in DD0S attacks reached 32.4 million packets per second, overwhelming Internet service providers (ISPs), carriers and content delivery networks designed to mitigate the effects of sudden Internet traffic surges.
The data comes from Prolexic’s DD0S Report for the first quarter of 2013. That firm, based in Hollywood, Florida, has become a go-to firm for companies that find their web sites on the receiving end of DDoS attacks. The average attack bandwidth totaled 48.25 Gbps in Q1 2013, a 718 percent increase over last quarter, and the average packet-per-second rate reached 32.4 million, the company said.
“Average packet-per-second rate and average bit rate spiked in the first quarter and both are growing at a fast clip,” said Stuart Scholly, president at Prolexic. “When you have average – not peak – rates in excess of 45 Gbps and 30 million packets-per-second, even the largest enterprises, carriers, and quite frankly most mitigation providers, are going to face significant challenges.”
Massive denial of service attacks have become a mainstay in high profile industries like banking and financial services in the last year. A Citi executive recently told an audience at Purdue University that giant DDoS attacks are now a regular feature of life there, with attacks arriving generally on Wednesday.
Some of those attacks are believed to be ideologically motivated, with US and Western banks targeted as symbols of Western power. China was the most frequent source country, followed by the United States, Germany, and for the first time, Iran, Prolexic said.
The spike in DD0S power is due, in part, to new strategies adopted by attackers. Prolexic said that botmasters shifted to using global botnets of high-bandwidth web servers and other devices. Botmasters also shifted to high packet-per-second DD0S attacks focused on key infrastructure elements like routers. “Failure of these devices often causes collateral damage, typically taking thousands of customer websites offline,” Prolexic said.
Packet rate, rather than bandwidth is a better measure of the power of DDoS attacks these days, said Scholly. “These packet rates are above the thresholds of all but the most expensive routers and line cards and we are seeing networks buckle as a result.”
Not that the bandwidth of the attacks isn’t bigger, too. Average attack bandwidth up 718 percent from 5.9 Gbps to 48.25 Gbps, while the duration of the average DDoS attack monitored by Prolexic also jumped 7.14 percent, to just over 34 hours. The largest attack measured by Prolexic peaked at 130 Gbps in March and was targeted at “an enterprise customer.”
Most DDoS attacks targeted Layer 3 and Layer 4 infrastructure, accounting for more than 76 percent of all the DD0S attacks. The remaining attacks – 23 percent were targeting OSI Layer 7 Web applications, Prolexic said.