The DDoS threat landscape, now and into the new year

Ramsomware (C) 2017 Pixabay / HypnoArtSometimes it’s fun to really take stock in your current situation and to look ahead at what’s to come, envisioning the future as 2017 becomes 2018 and the slate is wiped clean for a new year of new adventures.

Sometimes, however, it isn’t. Such as when the topic is the current state of DDoS attacks across the internet, and how it seems the situation will evolve as we bring in the new year. Here’s a look at the second quarter of 2017 and how it translates to the near future anyway.

First, the good-ish news

According to Incapsula’s Global DDoS Threat Landscape Q2 2017 report, overall attack numbers were down slightly in the second quarter of 2017. Network layer attacks dropped for the fifth quarter in a row, with Incapsula mitigating 196 attempts against their clients per week. Crafty application layer attacks also dropped in the second quarter, though it needs to be noted that even with this drop Incapsula handled 973 application layer attempts per week, down from an all-time high of 1099 in Q1. The Q2 number still bested (worsted?) all four quarters of 2016.

However, if you needed a little good distributed denial of service attack news, then there it is. Technically, numbers are down.

Now some bad

Couldn’t let you ride that high for too long. It’s a dangerous online world out there, after all. What’s lurking below the surface of those combined 1169 attack attempts are a few indications that the DDoS landscape is getting to be an even scarier place.

Firstly, the sophistication level of attacks is rising, with 40.5% of network-layer attacks being multi-vector. This is a steep increase from the 29% of Q1.

Secondly, the websites targeted are really, really being targeted. A whopping 75.8% of websites that were on the receiving end of an attack attempt were targeted more than once. Further, 45 Incapsula-protected websites were hit with more than 50 attempts.

This is a continuation of a trend that emerged in 2017. Instead of the DDoS landscape being dominated by the short-burst low-volume attacks being sprayed indiscriminately across the internet thanks to DDoS for hire services, these more sophisticated attacks appear to be the calling cards of professional attackers, ones very specifically aiming their assaults. That’s not the only indicator that it’s the pros at play in the DDoS game right now.

A new threat

Speaking of sophisticated, specifically-aimed assaults. A new distributed denial of service method emerged in the second quarter. First noticed by Incapsula, this attack ditches the standard DDoS attack pattern – a slow ramp-up that reaches a peak and then drops – in favor of a method that’s left a certain method of mitigation stymied. These attacks, dubbed pulse wave attacks, hit the target at full force with enough malicious traffic to immediately overwhelm the network. After a quick burst, the attack drops off only to return minutes later with another full-force blast of traffic, continuing at regular intervals.

These attacks seem to be achieved by using one botnet to smash multiple targets in one attack window, which accounts for the immediate blast of traffic (since the botnet is already warmed up) as well as the intervals at which the bursts occur. When the attack ebbs for one target, it’s because the next one is being hit.

These pulse wave attacks are even more dastardly than they already seem since it would appear they were designed to thwart one specific type of DDoS mitigation – appliance-first cloud hybrid protection. Since the network is immediately overwhelmed, the appliance is unable to communicate with the cloud scrubbing server, therefore ensuring the attack succeeds and continues to succeed with each pulse. Moreover, Incapsula noted that these attacks were aimed at high-value targets in highly competitive industries like fintech and online gaming.

Global influence

For all of our differences, it turns out that we are a world united when it comes to distributed denial of service attacks, unfortunately. China has long been the leading producer of botnet activity and that hasn’t changed, with 63% of attacks originating in the nation, but the second quarter of 2017 saw Turkey’s botnet activity output double, while the Ukraine and India also had their botnet business surge, reaching a combined 1.45 billion malicious requests.

In terms of countries attacked most, the United States retained its crown, receiving over 75% more attack attempts than the second-most attacked nation, the United Kingdom.

Looking ahead

With the exception of nefariously brilliant new attack methods being developed, the DDoS landscape doesn’t tend to shift wildly. It’s reasonable to assume that the troubling new trends emerging will continue to emerge into the new year. Attacks will continue to rise in sophistication. The websites specifically chosen to be on the receiving end of them will be hit more frequently as professional cyberattackers regain control of the DDoS scene. So while smaller, lower-value targets like hobby websites may feel some measure of relief when it comes to DDoS attacks thanks to a slight dip in DDoS for hire popularity, the heat is going to increase for websites and businesses that have something to lose when outages occur, which could be anything from revenue to reputation to user loyalty.

On the plus side, with an investment in professional DDoS mitigation, you could go back to looking at the impending new year from the perspective of whether or not you’re going to get in shape or meet someone special through internet dating or finally have the blowout argument with your parents that somehow leads to them respecting you. Compared to DDoS attacks, those are all fun topics.

 


Incapsula Logo (CO IncapsulaImperva Incapsula is a cloud-based application delivery platform. It uses a global content delivery network to provide web application security, DDoS mitigation, content caching, application delivery, load balancing and failover services.

Jessica Foreman is an enthusiastic and experienced writer, specialising in business and lifestyle based writing. She is currently looking towards starting her Masters in Mobile and Personal Communications as well as broadening her horizons through travelling.

 

Post Comment