Prolexic

Q2 2013 Global DDoS Attack Report

The second quarter (April June) 2013 saw significant increases in and the highest quarterly averages ever recorded by Prolexic for Distributed Denial of Service (DDoS) attack bandwidth and packet-per-second (pps) rates. These metrics were compiled from DDoS attacks directed against Prolexics global client base. Average bandwidth reached 49.24 Gigabits per second (Gbps) and the pps rate averaged 47.4 million. 17 percent of DDoS attacks were more than 60 Gbps (download the full report). Another eye-catching metric was the increase in average attack duration, which continued to rise and reached 38 hours. This reverses the trend of declining attack durations observed early in 2012. Since Q2 2012, when duration measured just 17 hours, average attack duration has more than doubled in 12 months. This illustrates that perpetrators are less concerned about botnet identification. With the widespread availability of compromised web servers, it has become quicker and easier for malicious actors to replenish and redeploy botnets if detected or taken down by authorities. Previously, building a botnet from clients, primarily home PCs infected with malware, took considerable time and effort. Therefore, attackers sought to avoid compromising their assets by using shorter attack times. DDoS attack frequency in Q2 2013 Prolexic logged the highest number of DDoS attacks against its global client base in Q2 2013. April was the most active month of the quarter, accounting for 39.7 percent of all attacks. Two weeks tied for the most active week of the quarter: April 8-14 and April 15-21. The increase and decrease in the total number of DoS and DDoS attacks compared to the same quarter one year ago can be seen in the chart.

Analysis of attack types In Q2 2013, the majority of DDoS traffic arrived in the form of infrastructure (Layer 3 and 4) attacks, making up approximately 74.7 percent of attacks. The remaining 25.3 percent of DDoS traffic was in the form of application attacks (Layer 7). The most popular infrastructure attacks were SYN floods, which made up 31.2 percent of all infrastructure traffic. The most common application attacks were HTTP GET floods, making up approximately 21.5 percent of the total. Other popular types of application attacks included HTTP POST floods and SSL GET floods. (Download the full report for details.) Top 10 source countries for DDoS attacks in Q2 2013 The second quarter showed China as the largest source of malicious traffic with 39 percent of sourced botnet activity. Mexico and Russia were second and third, respectively, as shown.

Read Prolexics full Q2 2013 Global DDoS Attack Report for more details, including: Averages and trends in attack duration and bandwidth Total number and trends of attacks by type
2

Year-over-year and quarter-over-quarter comparisons Case study: A 167 Gbps DNS Reflection Denial of Service (DrDoS) attack campaign A forward look at emerging DDoS trends

About Prolexic Prolexic Technologies is the worlds largest and most trusted distributor of DDoS protection and mitigation services. Learn more at www.prolexic.com. About PLXsert Prolexic Security and Engineering Response Team (PLXsert) monitors the global malicious cyber threats and actively analyzes DDoS attacks using proprietary techniques and equipment.