After trending down in 2011 and part of 2012, average attack durations are increasing, rising from 17 hours in Q1 2012 and 34.5 hours in Q1 2013, to 38 hours this quarter.
"Attack durations are likely increasing because perpetrators are less concerned about detection and protecting their botnets," said Stuart Scholly, president at Prolexic. "The widespread availability of compromised web servers makes it much easier for malicious actors to replenish, grow and redeploy botnets. Traditionally, botnets have been built from compromised clients. This requires malware distribution via PCs and virus infections, and takes considerable time and effort. Consequently, attackers wanted to protect their client-based botnets and were more fearful of detection, so we saw shorter attack durations."
Compared to Q2 2012:
- 33 percent increase in total number of DDoS attacks
- 23 percent increase in total number of infrastructure (Layer 3 & 4) attacks
- 79 percent increase in total number of application (Layer 7) attacks
- 123 percent increase in attack duration: 38 hours vs. 17 hours
- 925 percent increase in average bandwidth
- 1,655 percent increase in average packet-per-second (pps) rate.
- 20 percent increase in total number of DDoS attacks
- 17 percent increase in total number of infrastructure (Layer 3 & 4) attacks
- 28 percent increase in total number of application (Layer 7) attacks
- 10 percent increase in attack duration: 38 hours vs. 34.50 hours
- 2 percent increase in average bandwidth: 49.24 Gbps vs. 48.25 Gbps
- 46 percent increase in average packet-per-second (pps) rate
- China maintains its position as the main source country for DDoS attacks.
Compared to the same quarter one year ago, the total number of DDoS attacks increased 33.8 percent. In addition, the total number of infrastructure attacks increased 23.2 percent while the total number of application attacks (Layer 7) increased by 79.4 percent compared to one year ago.
While the split between the total number of infrastructure attacks and application layer attacks was similar between the two quarters, both attack types increased when the two quarters were compared. Average attack durations have increased significantly, rising from 17 hours in Q2 2012 to reach 38 hours this quarter, an increase of 124 percent.
Compared to Q1 2013, the total number of attacks increased by 20 percent. This reflects a consistently high level of denial of service attack activity around the globe over the last six months. The total numbers of both infrastructure and application attacks increased over Q1 2013 (17.4 percent and 28.9 percent respectively). Average attack duration continued to tick upwards, rising from 34.5 hours last quarter to 38 hours in Q2 2013.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.