No Sign Of DDoSes Diminishing

Application-layer DDoS attacks decline for the first time last quarter, but slow and low attacks gaining ground

The total number of distributed denial-of-service (DDoS) attacks jumped by 10 percent in the second quarter, but application-layer DDoS attacks dropped for the first time in a while, by 8 percent, a new report found.
Application-layer attacks, which operate at HTTP and other application-layer protocols, account for nearly 20 percent of all DDoS attacks and had enjoyed a spike in the past three quarters, according to Prolexic Technologies, which released its newest data today.
Why the decline? There are a couple of possible reasons for this, but no definitive answer, says Paul Sop, senior DDoS analyst with Prolexic, a cloud-based DDoS mitigation provider.
One possibility is the growth in attack tools for infrastructure-level attacks, he says, which may have skewed the numbers a bit toward those attacks. Another is that its a survival tactic: Second, Layer 7 attacks expose the IP address of the attacking botnet, which increases the risk of detection and eventual takedown. As a result, it appears that attackers used more Layer 3 and Layer 4 attacks this quarter so they would not risk their botnets being exposed, Sop says.
The catch, too, is that once attackers discover that Prolexic is repelling attacks against its customers, they may be curtailing their attacks sooner or saving Layer 7 attacks for last, he says.
Akamai, meanwhile, says DDoS attacks have jumped 2,000 percent over the past three years. The security firm is also witnessing a trend toward more stealthy application-layer attacks. Attackers are not blasting the high-volume attacks they used to perform aimed at sapping bandwidth, notes Martin McKeay, a security evangelist with Akamai. Were seeing volumetric attacks on the decline: DDoSes are not as big as they used to be, and more are being moved up the stack, McKeay says. There are more attacks that are based on resource exhaustion, like a Slowloris-type attack, trying to use the resources of a Web server and take you down that way.
McKeay says the low and slow attacks are tougher to track and detect, so they can be more effective because they have more staying power. The RBN [Russian Business Network] is learning whats effective. We and our competitors can deal with volumetric attacks relatively easily, or at least effectively, he says, so the attackers are moving to different methods, including targeting DNS servers.
If you can make a stock transaction and bring down the servers behind you, it can be very effective, he says.
Application/Layer 7 DDoS attacks tend to be the handiwork of skilled and experienced attackers, notes Prolexics Sop. Often, attackers will move to Layer 7 if Layer 3 and 4 volumetric attacks are not working. Many mitigation services can deal with infrastructure attacks, but fewer have the skills and resources to analyze and then block changing attack signature on the fly for Layer 7 attacks, he says.
HTTP GET flood attacks dropped from 22 percent of DDoS attacks in the second quarter of 2011 to 14 percent in the second quarter of this year, according to Prolexic.
A copy of the full Prolexic report is available
here
.
Have a comment on this story? Please click Add Your Comment below. If youd like to contact
Dark Readings
editors directly,
send us a message
.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
No Sign Of DDoSes Diminishing