Q3 2013 Global DDoS Attacks | DDoS Attack Statistics


In Q3 2013, malicious actors shifted to reflection and amplification (DrDoS) attacks to launch more powerful DDoS attacks with fewer resources. This graphical analysis of attacks against Prolexic's global client base showed an increase in reflection attacks and UDP floods and a decline in the use of SYN floods.


Q3 2013 Global DDoS Attack Report

DDoS perpetrators changed tactics to amplify attack sizes and hide identities

Use of the CHARGEN protocol increased 3.37% when compared to other infrastructure attack methods. Adoption of the UDP-based CHARGEN protocol has been rapid as it is widely available on the DDoS-as-a-Service market.

Application attacks declined slightly to 23.48%, down from 25.29% in Q2 2013. Compared to Q3 2012, application attacks have increased by almost 6% (from 17% to 23%).

Traditional attack methods, such as ICMP floods, dropped this quarter. The movement away from ICMP floods toward reflected amplification attacks is due to a shift in attack offerings among DDoS-as-a-Service stressor services.

8.9% of infrastructure attacks were based on the DNS attack protocol, a 4% increase compared to Q3 2012 (5%).

The UDP attack vector totaled 29.32% of all attacks, a 10% increase compared to the previous quarter, returning to levels seen in Q2 2012. A significant portion of UDP floods were reflected amplification attacks using DNS and CHARGEN.

Infrastructure attacks increased 2% compared to Q2 2013. Compared to Q3 2012, infrastructure attacks fell by almost 6% (81.40 to 76.52%).

THE BOTTOM LINE:

At 18.16%, the percentage of SYN floods has decreased this quarter compared to Q2 2013 and Q3 2012, but SYN floods still remain the most popular of all infrastructure attacks, most likely due to the proliferation of easy-to-use stress-testing tools that are freely available.

There was a significant shift to reflection-based attack vectors in Q3 2013, rising 69% compared to the previous quarter, and 265% when compared to the same quarter a year ago.

Attack type distribution (chart data):

Application layer (23.48%): HTTP GET: 18.03%; HTTP POST: 3.37%; PUSH: 0.91%; SSL GET: 0.78%; SSL POST: 0.26%; HEAD: 0.13%

Infrastructure layer (76.52%): SYN: 18.16%; UDP Floods: 14.66%; UDP Fragment: 14.66%; ICMP: 11.41%; DNS: 8.94%; CHARGEN: 3.37%; RESET: 1.94%; ACK: 1.69%; TCP Fragment: 0.65%; FIN PUSH: 0.39%; RP: 0.39%; RIP: 0.13%; SYN PUSH: 0.13%
www.prolexic.com

