
Cyber criminals who commit distributed denial-of-service (DDoS) attacks are changing their tactics by using smaller botnets that fly under the radar.
This was revealed in the Q3 2013 Global DDoS Attack Report by Prolexic, a DDoS protection provider based in Florida, US.
The report examines DDoS attacks that occurred during Q3 2013 against the company's clients. Prolexic clients include 10 of the world's largest banks and the leading companies in e-commerce, software as a service, payment processing, travel/hospitality, gaming, energy and other at-risk industries.
Stuart Scholly, president of Prolexic, says a major concern is the "dramatic acceleration" of reflection attacks this quarter, rising among Prolexic's clients by 265% since the third quarter of 2012 and by 70% over Q2 this year. He believes this shows that DDoS attackers have found easier and more efficient ways to launch bigger attacks using smaller botnets.
In a reflection DDoS, termed a DrDDoS attack, the perpetrator spoofs the target's IP address and sends a request for information via User Datagram Protocol (UDP) to servers that respond to that type of request. The servers answer the request and send their responses to the target's IP address, because to the servers it appears that the target sent the initial request.
The surge in reflection attacks over the previous quarter should "come as no surprise", says Scholly, as high-damage, low-effort attacks are always a winner for cyber criminals.
Fewer bots are needed to execute a reflection attack, because the amplification factor, or increase in the volume of traffic, is so great, he explains. As less outbound bot traffic is necessary, the actual botnet can be a lot smaller. The smaller the botnet, the easier it can remain undetected, he says.
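Seen from the target, the reflection mechanism described above produces UDP responses to requests the target never sent. The following is an added example, not taken from the article or the Prolexic report, that flags such unsolicited responses in flow records; the record layout, the 5-second matching window and the sample flows are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample UDP flow records: (time_s, src_ip, src_port, dst_ip, dst_port, bytes).
# Addresses come from the RFC 5737 documentation ranges.
LOCAL = "192.0.2.10"
FLOWS = [
    (0.0, LOCAL, 40001, "198.51.100.1", 53, 60),    # genuine request sent by the host
    (0.1, "198.51.100.1", 53, LOCAL, 40001, 120),   # matching answer: solicited
    (1.0, "203.0.113.5", 53, LOCAL, 33333, 3000),   # no request was ever sent
    (1.1, "203.0.113.6", 53, LOCAL, 33333, 3100),
    (1.2, "203.0.113.7", 53, LOCAL, 33333, 2900),
    (9.0, "198.51.100.1", 53, LOCAL, 40001, 120),   # answer arriving after the window
]


def unsolicited_responses(flows, local_ip, window=5.0):
    """Return inbound records that answer no request local_ip sent within `window` seconds."""
    last_request = {}  # (local_port, remote_ip, remote_port) -> time of last outbound datagram
    flagged = []
    for ts, src, sport, dst, dport, size in sorted(flows):
        if src == local_ip:
            last_request[(sport, dst, dport)] = ts
        elif dst == local_ip:
            sent = last_request.get((dport, src, sport))
            if sent is None or ts - sent > window:
                flagged.append((ts, src, sport, size))
    return flagged


def summarize(flagged):
    """Group flagged traffic by remote source port: (distinct senders, total bytes)."""
    senders, volume = defaultdict(set), defaultdict(int)
    for _ts, src, sport, size in flagged:
        senders[sport].add(src)
        volume[sport] += size
    return {port: (len(senders[port]), volume[port]) for port in senders}


if __name__ == "__main__":
    for port, (n, total) in summarize(unsolicited_responses(FLOWS, LOCAL)).items():
        print(f"UDP source port {port}: {n} senders, {total} unsolicited bytes")
```

Many distinct senders sharing one source port and delivering large unsolicited payloads is the pattern to alert on; a single late answer, like the last sample record, is ordinary noise.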
The company also reported that DDoS attacks against its clients in Q3 2013 were the highest reported total for one quarter, showing a consistently high level of DDoS activity globally over the past six months.
The perpetrators
The usual suspects, China and the US, claimed top spots, with China being the top originator of DDoS attacks against Prolexic clients, accounting for 62% of the total, an increase of 22.92% from Q3 2012. The US came in second with 9.06%, a 4.94% increase from Q2 2013, but a reduction of 18.79% from Q3 2012.
Korea was in third place, with 7.09%, followed by Brazil, with 4.46%, and Russia hot on its heels, with 4.45%. The bottom countries were India (3.45%), Taiwan (2.95%), Poland (2.23%) and Italy (1.94%).