Feeds

Report: DDoS attacks now MORE ANGRY, complex and targeted

Less like the Hulk, more like Iron Man

Intelligent flash storage arrays

The days when attackers relied on sheer bandwidth volume alone to knock out websites are over, with miscreants increasingly using application-layer and multi-vector attacks.

The latest annual study from DDoS attack protection company Arbor Networks reports that 46 per cent of respondents said they had experienced multi-layer attacks in the year up to the end of September 2012, markedly up from the 27 per cent recorded in the year before. The largest attack reported was 60 Gbps, the same figure as 2011.

In 2010, the peak attack hit a bumper 100 Gbps.

Instead of concentrating on upping the noise, the bad guys have switched tactics towards application-layer (targeting web services, mostly) and multi-vector attacks rather than less sophisticated packet flood attacks, Arbor said.

Data centres and cloud services are increasingly getting hit by DDoS attacks, which have traditionally been slung solely against websites. Arbor reports that "distributed denial of service (DDoS) attacks have plateaued in size but become more complex" adding that "data centre and cloud services are especially attractive targets". The vast majority (94 per cent) of data centre operators polled by Arbor Networks reported they had been hot by attacks during the study period.

DDoS attacks are used by a variety of players from hacktivists to cybercriminals using packet floods as a means of extortion to business rivals of targeted companies. Arbor reports that e-commerce and online gaming sites are among the most common targets of attack.

Arbor's study, generally regarded as one of the best of its type, is based on survey data provided by network operators from around the world that use its technology to fend off DDoS attacks.

The study also found that DNS (Domain Name Server) infrastructure remains vulnerable. More than a quarter (27 per cent) of respondents experienced customer-impacting DDoS attacks on their DNS infrastructure—a significant increase over the 12 per cent of respondents from previous year’s survey.

Arbor Network's eight annual Worldwide Infrastructure Security Report report can be found here. ®

Intelligent flash storage arrays

More from The Register

next story
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
Why did it take antivirus giants YEARS to drill into super-scary Regin? Symantec responds...
FYI this isn't just going to target Windows, Linux and OS X fans
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Home Office: Fancy flogging us some SECRET SPY GEAR?
If you do, tell NOBODY what it's for or how it works
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
Syrian Electronic Army in news site 'hack' POP-UP MAYHEM
Gigya redirect exploit blamed for pop-rageous ploy
Astro-boffins start opening universe simulation data
Got a supercomputer? Want to simulate a universe? Here you go
prev story

Whitepapers

Designing and building an open ITOA architecture
Learn about a new IT data taxonomy defined by the four data sources of IT visibility: wire, machine, agent, and synthetic data sets.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
5 critical considerations for enterprise cloud backup
Key considerations when evaluating cloud backup solutions to ensure adequate protection security and availability of enterprise data.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.