Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

8/23/2016
05:20 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Hit-And-Run Tactics Fuel Growth In DDoS Attacks

A majority of organizations in Imperva DDoS study suffer multiple consecutive attacks.

Many threat actors behind distributed denial of service (DDoS) attacks against enterprises appear to be increasingly employing hit-and-run tactics to make their campaigns more effective.

Security firm Imperva recently analyzed data collected from its customers while mitigating DDoS attacks on their networks between April 2015 and March 2016. The data showed a 211% increase year over year in the number of DDoS attacks directed against its customers. On average, Imperva mitigated about 445 DDoS attacks per week over the one-year period.

At least some of the growth in the number of DDoS attacks recorded by Imperva had to do with the increased use of hit-and-run tactics by threat actors. These are attacks where a single assault is executed in multiple smaller and consecutive attack-bursts, according to Imperva.

The goal in using the tactic appears to be to exhaust mitigation teams by keeping them on high alert status for prolonged periods of time. Attackers could also be employing the tactic to confuse mitigation teams and divert attention away from other, more surreptitious malicious activity directed against their networks, Imperva said in its report.

More than 40% of the DDoS victims that Imperva counted last year in fact were attacked more than one time. About 16% were targeted at least five times or more. A comparison of DDoS data from the four quarters that Imperva inspected showed a gradual uptick in the use of such hit-and run tactics, the company noted.

“We have been seeing hit-and-run attacks for the last four quarters,” says Tim Matthews, vice president of marketing at Imperva. “They are really an evolution of multi-vector attacks, where criminals realize that large frontal attacks alone may no longer be successful.” 

The increased use of DDoS-for-hire services also contributed to the overall uptick in DDoS attacks last year, according to Imperva. The number of attackers using paid “booters” or “stressers” to direct DDoS traffic against specific targets jumped from around 64% in the second quarter of last year to 93% in Q1 2016.

With some booter services starting at just $5 for a minute-long attack, many of those engaged in such activity are likely non-professionals, Imperva said in its report.

The biggest impact for enterprises from such attacks is potential revenue loss, Matthews says. “This is especially pronounced for companies that depend on uptime for revenue, notably gaming and ecommerce companies,” he says.

In addition to an increase in overall numbers, DDoS attacks also increased in size.

Many of the network-layer attacks that Imperva handled for customers last year exceeded 200 Gbps, with one even exceeding a massive 470 Gbps in size. That attack is the largest that Imperva has seen to date, according to Matthews. Attackers often used small network packets to maximize packet forwarding rates and throughput capacity.

In terms of sheer number, however, application-layer assaults accounted for 60% of all DDoS attacks that Imperva mitigated last year.  

“Attackers are continuing to evolve,” Matthews says. “The sophistication of attacks, and the targeting of applications rather than networks, means that simple mitigation techniques that used to work – like configuring routers or firewalls to block attacks – are likely not working, and may offer a false sense of security.”

Related stories:

 

 

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Jolatourte
50%
50%
Jolatourte,
User Rank: Apprentice
9/3/2016 | 4:17:12 AM
DDoS Attacks

DDoS Attacks is terrible for a young startup..thank you for your tips ! 

Microsoft Patches Wormable RCE Vulns in Remote Desktop Services
Kelly Sheridan, Staff Editor, Dark Reading,  8/13/2019
The Mainframe Is Seeing a Resurgence. Is Security Keeping Pace?
Ray Overby, Co-Founder & President at Key Resources, Inc.,  8/15/2019
GitHub Named in Capital One Breach Lawsuit
Dark Reading Staff 8/14/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-18568
PUBLISHED: 2019-08-20
The my-wp-translate plugin before 1.0.4 for WordPress has XSS.
CVE-2017-18569
PUBLISHED: 2019-08-20
The my-wp-translate plugin before 1.0.4 for WordPress has CSRF.
CVE-2019-15238
PUBLISHED: 2019-08-20
The cforms2 plugin before 15.0.2 for WordPress has CSRF related to the IP address field.
CVE-2011-5328
PUBLISHED: 2019-08-20
The user-access-manager plugin before 1.2 for WordPress has CSRF.
CVE-2014-10381
PUBLISHED: 2019-08-20
The user-domain-whitelist plugin before 1.5 for WordPress has CSRF.