5/22/2017
12:00 AM
Dark Reading

Q1 2017 Global DDoS Threat Landscape Report

The number of network layer assaults fell to 269 assaults per week during the first quarter, compared to 568 in the second quarter of 2015.

Imperva Incapsula’s latest Global DDoS Threat Landscape Report is an analysis of more than 17,000 network and application layer DDoS attacks mitigated by our services during the first quarter 2017.

For the fourth quarter in a row, we saw a decrease in the number of network layer assaults, which fell to 269 per week compared to 568 in the second quarter 2015. In contrast, we saw yet another spike in the number of application layer assaults, which reached an all-time high of 1,099 per week.

The largest application layer attack we mitigated this quarter peaked at over 176,000 RPS—already higher than the largest attack we saw in 2016, which peaked at approximately 173,000 RPS.

On a macro level, we saw DDoS attacks continue to evolve in terms of complexity and persistence, while also growing shorter in duration.

Attacks Are Growing Shorter, More Complex and Persistent

In the first quarter 2017, we witnessed yet another decrease in average attack duration, attesting to the prevalence of botnet-for-hire services (a.k.a. booters or stressers) that enable their users to launch short, low-volume bursts. Such attack tools are commonly used by non-professional offenders, often internet trolls who use DDoS to settle a personal dispute or to simply harass their victims.

Overall, 80% of all DDoS attacks lasted less than one hour and, for the first time, 90% of network layer attacks lasted less than 30 minutes, compared to 78.2% in the fourth quarter 2016.

At the same time, we continued to observe a higher level of sophistication in DDoS offenders, reflected by a steep rise in multi-vector attacks. In the first quarter 2017, these accounted for more than 40% of all network layer assaults, up from 29% in the fourth quarter.

In the first quarter of the year, we saw attacks grow more persistent. Specifically, 74% of targets suffered repeat attacks during the quarter, with 19% being attacked 10 times or more—in both cases these numbers were the highest ever on record. In the most extreme case, an established US-based science news website was hit 1,046 times by low-volume bursts lasting 10 minutes or less.

In terms of worldwide botnet activity, almost 69 percent of all DDoS attack requests came from China (50.8%), South Korea (10.8%) and the United States (7.2%).

Consistent with previous quarters, the United States, United Kingdom and Japan continued to top the list of most targeted countries. For the first time in the past year, they were joined by Singapore and Israel.

 
