Prolexic's Q1 2013 DDoS Report: Average Attack Bandwidth Up 718 Percent

Average attack duration increases 7.14 percent from 32.2 hours to 34.5 hours

April 17, 2013


HOLLYWOOD, FL – (April 17, 2013) – Prolexic Technologies, the global leader in Distributed Denial of Service (DDoS) protection services, today announced that average attack bandwidth totaled 48.25 Gbps in Q1 2013, a 718% increase over last quarter, and the average packet-per-second rate reached 32.4 million. These startling metrics are just two of many contained in the company's Quarterly Global DDoS Attack Report, which was published today.

"Average packet-per-second rate and average bit rate spiked in the first quarter and both are growing at a fast clip," said Stuart Scholly, president at Prolexic. "When you have average – not peak – rates in excess of 45 Gbps and 30 million packets-per-second, even the largest enterprises, carriers, and quite frankly most mitigation providers, are going to face significant challenges."

Early last year, a different type of DDoS attacker emerged: one with considerable botnet resources, but also an intimate understanding of how the Internet routing topology works. As a result, Prolexic detected a clear shift to high packet-per-second DDoS attacks specifically designed to overwhelm infrastructure elements such as routers. Failure of these devices often causes collateral damage, typically taking thousands of customer websites offline.

"It's a classic change up," said Scholly. "Nearly everyone has been focused on bandwidth and gigabits per second, but it's the packet rate that's causing the most damage and presenting the biggest challenge. These packet rates are above the thresholds of all but the most expensive routers and line cards and we are seeing networks buckle as a result."

Highlights from Prolexic's Q1 2013 Global DDoS Attack Report

Compared to Q4 2012

· Average attack bandwidth up 718% from 5.9 Gbps to 48.25 Gbps

· Average attack duration increases 7.14 percent from 32.2 hours to 34.5 hours

· Total number of infrastructure attacks rises 3.65 percent; total number of application attacks falls 3.85 percent

· 1.75 percent increase in total number of DDoS attacks

Compared to Q1 2012

· Average attack bandwidth up 691% from 6.1 Gbps to 48.25 Gbps

· 21% increase in average attack duration from 28.5 hours to 34.5 hours

· Total number of infrastructure attacks up 26.75 percent; total number of application attacks up 8%

· 21.75 percent rise in total number of attacks

Analysis and emerging trends

During Q1 2013, more than 10% of DDoS attacks against Prolexic's global client base averaged more than 60 Gbps. The largest attack mitigated in the quarter peaked at 130 Gbps, occurring in March against an enterprise customer. In response to these huge attacks, more carriers and ISPs are being forced to null route (black hole) traffic to protect their networks.

Attack volume also grew in Q1 2013 and reached the highest number of attacks Prolexic has logged for one quarter. However, the percentage increase over the previous quarter was nominal. Attack volume has been especially high during the last six months, reflecting a general trend of heightened global DDoS activity and risk of attack.

Like recent quarters, Layer 3 and Layer 4 infrastructure attacks were the favored attack type, accounting for 76.54 percent of total attacks during the quarter, with Layer 7 application layer attacks making up the remaining 23.46 percent. This approximate 3:1 split remains unchanged. This quarter, SYN (25.83 percent), GET (19.33 percent), UDP (16.32 percent) and ICMP (15.53 percent) floods were the attack types most often encountered during mitigation.

Average attack duration continued to rise, from 32.2 hours the previous quarter to 34.5 hours in Q1, an increase of 7.14 percent. March was the most active month for attacks, accounting for 44% of the quarter's attacks. The week of March 19 was the most active of the quarter. The last two weeks of the quarter were the most active and showed the largest percentage increase compared to Q1 2012 (306 and 154% respectively).

As is commonplace, the top 10 list of source countries responsible for launching the most DDoS attacks was fluid with the exception of China. Once again, China secured the top place in attack source country rankings, joined by the United States, Germany, and for the first time, Iran.

"Because Prolexic operates an 800 Gbps cloud-based, upstream network and typically intercepts traffic long before it hits carriers and saturates their networks, it is one of the few companies in the world that can handle this level of attack traffic," said Scholly. "Prolexic gained a significant number of new clients in Q1 as more and more providers that offer DDoS as an add-on service failed to cope with these enormous attacks."

Data for the Q1 2013 report has been gathered and analyzed by the Prolexic Security Engineering & Response Team (PLXsert). The group monitors malicious cyber threats globally and analyzes DDoS attacks using proprietary techniques and equipment. Through digital forensics and post attack analysis, PLXsert is able to build a global view of DDoS attacks, which is shared with Prolexic customers. By identifying the sources and associated attributes of individual attacks, the PLXsert team helps organizations adopt best practices and make more informed, proactive decisions about DDoS threats.

A complimentary copy of the Prolexic Q1 2013 Global DDoS Attack Report is available as a free PDF download from Prolexic's Q2 2013 report will be released in the third quarter of 2013.

About Prolexic

Prolexic is the world's largest, most trusted Distributed Denial of Service (DDoS) mitigation provider. Able to absorb the largest and most complex attacks ever launched, Prolexic restores mission-critical Internet-facing infrastructures for global enterprises and government agencies within minutes. Ten of the world's largest banks and the leading companies in e-Commerce, SaaS, payment processing, travel/hospitality, gaming and other at-risk industries rely on Prolexic to protect their businesses. Founded in 2003 as the world's first in-the-cloud DDoS mitigation platform, Prolexic is headquartered in Hollywood, Florida and has scrubbing centers located in the Americas, Europe and Asia. To learn more about how Prolexic can stop DDoS attacks and protect your business, please visit, follow us on LinkedIn, Facebook and Google+ or follow @Prolexic on Twitter.
