In Q3 2013, malicious actors shifted to reflection and amplification (DrDoS) attacks to launch more powerful DDoS attacks with fewer resources. This graphical analysis of attacks against Prolexic’s global client base showed an increase in reflection attacks and UDP floods and a decline in the use of SYN floods.
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Q3 2013 Global DDoS Attacks | DDoS Attack Statistics
1. Q3 2013
Global DDoS Attack
Report
DDoS perpetrators changed tactics to
amplify attack sizes and hide identities
Use of the CHARGEN protocol increased 3.37%
when compared to other infrastructure attack
methods. Adoption of the UDP-based CHARGEN
protocol has been rapid as it is widely available
on the DDoS-as-a-Service market.
Application attacks
declined slightly to 23.48%,
down from 25.29% in Q2
2013. Compared to Q3
2012, application attacks
have increased by almost
6% (from 17% to 23%).
SSL POST: 0.26%
SSL GET: 0.78%
PUSH: 0.91%
HTTP POST: 3.37%
ACK: 1.69%
CHARGEN: 3.37%
FIN PUSH: 0.39%
HEAD: 0.13%
N
IO
DNS: 8.94%
ER
LAY
ICMP: 11.41%
Traditional attack
methods, such as
ICMP floods, dropped
this quarter. The
movement away
from ICMP floods
toward reflected
amplification attacks
is due to a shift in
attack offerings among
DDoS-as-a-Service
stressor services.
23.48%
R
APP
LIC
AT
HTTP GET: 18.03%
8.9% of infrastructure attacks were
based on the DNS
attack protocol, a 4%
increase compared
to Q3 2012 (5%).
L AY E
76.52%
TU
RE
UDP Fragment: 14.66%
IN F R A
U
ST R
C
RESET: 1.94%
RIP: 0.13%
RP: 0.39%
SYN: 18.16%
UDP Floods: 14.66%
SYN PUSH: 0.13%
TCP Fragment: 0.65%
The UDP attack vector totaled
29.32% of all attacks – a 10%
increase compared to the
previous quarter, returning
to levels seen in Q2 2012.
A significant portion of
UDP floods were reflected
amplification attacks using
DNS and CHARGEN.
Infrastructure attacks
increased 2% compared
to Q2 2013. Compared to
Q3 2012, infrastructure
attacks fell by almost 6%
(81.40 to 76.52&)
THE BOTTOM LINE:
At 18.16%, the percentage of
SYN floods has decreased this
quarter compared to Q2 2013
and Q3 2012, but SYN floods
still remain the most popular of
all infrastructure attacks, most
likely due to the proliferation of
easy-to-use stress-testing
tools that are freely available.
There was a significant shift to reflection-based attack vectors
in Q3 2013, rising 69% compared to the previous quarter, and
265% when compared to the same quarter a year ago.
www.prolexic.com