DDoS traffic soars and the bots get cleverer
New research by website security specialist Incapsula looks at the impact of DDoS traffic on the internet, using data collected over a five-month period from more than 154 million DDoS bot sessions.
It reveals some startling statistics, the main one being that at the application level DDoS bot traffic is up by 240 percent. More than 25 percent of all botnets are located in India, China and Iran, whilst the US ranks fifth in the top ten attacking countries.
At network level, large-scale SYN floods account for over half (51.5 percent) of all attacks and almost 81 percent of attacks are multi-vector threats.
The results show a shift towards so-called "hit and run" attacks, which rely on short bursts of traffic at frequent intervals and are designed to exploit vulnerabilities in protection systems. Multi-vector attacks are also increasingly being used to create "smokescreens", where one attack creates noise to divert attention away from the main vector. The first part of 2014 has also seen a rise in NTP (Network Time Protocol) amplification attacks, which in February became the most commonly used method of large-scale DDoS attack.
In order to infiltrate systems, bots are using spoofed user-agents. These help them bypass low-level filtering solutions that work on the assumption that bots which identify themselves as search engines or browsers should not be screened out.
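The screening gap described above, shown as an added example that is not taken from the Incapsula report: a filter that trusts the User-Agent string next to one that confirms a crawler claim with a reverse DNS lookup followed by a forward lookup. The hostname suffixes are assumed to be the ones the crawler operators publish for verification; the function names, IP addresses and DNS records are constructed for illustration.

```python
import socket

# Assumption: reverse-DNS suffixes the crawler operators document for verification.
CRAWLER_SUFFIXES = {
    "googlebot": (".googlebot.com", ".google.com"),
    "bingbot": (".search.msn.com",),
}

def naive_allow(user_agent):
    """Weak filter from the text: trust any client that claims to be a crawler."""
    return any(name in user_agent.lower() for name in CRAWLER_SUFFIXES)

def _ptr(ip):
    return socket.gethostbyaddr(ip)[0]

def _addrs(host):
    return socket.gethostbyname_ex(host)[2]

def classify(user_agent, ip, ptr=_ptr, addrs=_addrs):
    """Return 'unclaimed', 'verified' or 'spoofed' for one request."""
    ua = user_agent.lower()
    suffixes = next((s for n, s in CRAWLER_SUFFIXES.items() if n in ua), None)
    if suffixes is None:
        return "unclaimed"  # no crawler claim: apply normal bot screening
    try:
        host = ptr(ip).rstrip(".").lower()
        # The PTR must sit in the operator's domain AND resolve back to the IP;
        # whoever controls the reverse zone can set any PTR name they like.
        if host.endswith(suffixes) and ip in addrs(host):
            return "verified"
    except OSError:  # covers socket.herror / socket.gaierror: lookup failed
        pass
    return "spoofed"

# Constructed sample records (documentation address ranges, not real crawler IPs).
SAMPLE_PTR = {
    "192.0.2.10": "crawl-192-0-2-10.googlebot.com",
    "198.51.100.7": "host7.example.net",
    "203.0.113.5": "crawl-1.googlebot.com",  # forged PTR, no matching A record
}
SAMPLE_A = {"crawl-192-0-2-10.googlebot.com": ["192.0.2.10"]}

def table_resolver(table):
    """Offline stand-in for DNS: raises OSError like a failed lookup."""
    def resolve(key):
        if key not in table:
            raise OSError("no record")
        return table[key]
    return resolve

GOOGLEBOT_UA = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
```

Called without the last two arguments, `classify` performs live DNS lookups, so results should be cached per IP rather than resolved on every request.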
You can read more and download the full report on the Incapsula blog or see an overview of the findings in the infographic below.