Q4 2013 Global DDoS Attack Report: Selected excerpts
Q4 was a record-setting quarter for distributed denial of service (DDoS) attacks. Prolexic mitigated the most DDoS attacks ever for one quarter and also mitigated the largest DDoS attack it has faced, which peaked at 179 Gbps. A significant development in Q4 was the participation of mobile devices and mobile apps in a DDoS attack.

Attack vectors and attack source countries

Two legacy DDoS attack protocols have resurfaced in recent months. The misuse of the CHARGEN protocol in infrastructure attacks rose 6.39 percent, a 92 percent increase over the previous quarter. The misuse of Network Time Protocol (NTP) in application DDoS attacks is also increasing, but its current level remains very small. DDoS attackers have been leveraging these protocols in distributed reflection DDoS (DrDoS) attacks.
Figure 1 Relative frequency of DDoS attack vectors by type for Q4 2013
In Q4, there was a noticeable presence of Asian countries in the top 10 DDoS attack source countries. Growing economies and an expanding IT infrastructure, plus large online populations, are fueling DDoS attack campaigns. There are also indicators of an increasing number of hacktivist groups becoming active participants in DDoS campaigns from Asia. However, the United States was the main source of DDoS attacks during Q4 2013, accounting for 23.62 percent of attacks. China, which has topped the list for several quarters, took second place in Q4 as the source of 19.09 percent of attacks. In an interesting turn of events, Thailand not only rejoined the top 10 after several quarters of not appearing on the list, but also ranked third with 13.5 percent. The United Kingdom (8.49 percent) and the Republic of Korea (South Korea; 7.33 percent) round out the top five.

Attack spotlight: Multi-vector DDoS attack campaign with mobile devices

During Q4, Prolexic mitigated a sophisticated multi-vector DDoS campaign against a global financial institution. The attacks continued for four days with changing attack signatures and attack methods. What made the attack particularly interesting was that mobile devices played a pivotal role in the campaign. Previously, mobile devices were not considered a significant threat due to their limited bandwidth, but their ability to hide behind a super proxy makes them attractive to malicious actors.

Attackers used at least a dozen unique attack vectors in the campaign. The attack signatures indicated the malicious actors recruited both voluntary (opt-in) and involuntary (compromised) participants into the botnet to create an army to launch distributed attacks. Two mobile applications were involved in the campaign: AnDOSid, readily downloaded from the Google Play store, and mobile Low Orbit Ion Cannon (LOIC). In addition, domain name servers were victimized via spoofing to launch distributed reflection denial of service (DrDoS) attacks. More details about this DDoS attack campaign are available in the Q4 2013 Global DDoS Attack Report.

Get the full Q4 2013 Global Attack Report with all the details

Each quarter, Prolexic produces a DDoS attack report. As the world's leading DDoS mitigation provider, Prolexic is ideally positioned to collect valuable data on the origins, tactics, types, and targets of DDoS attacks and identify emerging trends.
Download the Q4 2013 Global DDoS Attack Report for:
Average and trends in attack duration and bandwidth
Total number and trends of attacks by type
Year-over-year and quarter-over-quarter comparisons
Spotlight on a multi-vector attack
Details about the trend of DDoS attacks from Asia
The more you know about DDoS attacks, the better you can protect your network against cybercrime. Download the free Q4 2013 Global DDoS Attack Report today.

About Prolexic

Prolexic Technologies is the world's largest and most trusted provider of DDoS protection and mitigation services. Learn more at http://www.prolexic.com.