Attacks/Breaches

5/22/2017
12:00 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Q1 2017 Global DDoS Threat Landscape Report

The number of network layer assaults fell to 269 assaults per week during the first quarter, compared to 568 in the second quarter of 2015.

Imperva Incapsula’s latest Global DDoS Threat Landscape Report is an analysis of more than 17,000 network and application layer DDoS attacks mitigated by our services during the first quarter 2017.

For the fourth quarter in a row, we saw a decrease in the number of network layer assaults, which fell to 269 per week compared to 568 in the second quarter 2015. In contrast, we saw yet another spike in the number of application layer assaults, which reached an all-time high of 1,099 per week.

The largest application layer attack we mitigated this quarter peaked at over 176,000 RPS—already higher than the largest attack we saw in 2016, which peaked at approximately 173,000 RPS.

On a macro level, we saw DDoS attacks continue to evolve in terms of complexity and persistence, while also growing shorter in duration.

Attacks Are Growing Shorter, More Complex and Persistent

In the first quarter 2017, we witnessed yet another decrease in average attack duration, attesting to the prevalence of botnet-for-hire services (a.k.a. booters or stressers). that enable their users to launch short, low-volume bursts. Such attack tools are commonly used by non-professional offenders, often internet trolls who use DDoS to settle a personal dispute or to simply harass their victims.

Overall, 80% of all DDoS attacks lasted less than one hour and, for the first time, 90% of network layer attacks lasting less than 30 minutes, compared to 78.2% in the fourth quarter 2016.

At the same time, we continued to observe a higher level of sophistication in DDoS offenders, reflected by a steep rise in multi-vector attacks. In the first quarter 2017, these accounted for more than 40% of all network layer assaults, up from 29% in the fourth quarter.

In the first quarter of the year, we saw attacks grow more persistent. Specifically, 74% of targets suffered repeat attacks during the quarter, with 19% being attacked 10 times or more—in both cases these numbers were the highest ever on record. In the most extreme case, an established US-based science news website was hit 1,046 times by low-volume bursts lasting 10 minutes or less.

In terms of worldwide botnet activity, almost 69 percent of all DDoS attack requests came from China (50.8%, South Korea (10.8%) and the United States (7.2%).

Consistent with previous quarters, the United States, United Kingdom and Japan continued to top the list of most targeted countries. For the first time in the past year, they were joined by Singapore and Israel.

 

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Printers: The Weak Link in Enterprise Security
Kelly Sheridan, Associate Editor, Dark Reading,  10/16/2017
20 Questions to Ask Yourself before Giving a Security Conference Talk
Joshua Goldfarb, Co-founder & Chief Product Officer, IDDRA,  10/16/2017
Why Security Leaders Can't Afford to Be Just 'Left-Brained'
Bill Bradley, SVP, Cyber Engineering and Technical Services, CenturyLink,  10/17/2017
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
Flash Poll
The State of Ransomware
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.