DDoS attacks are getting more powerful – with figures suggesting that the average attack was 57 per cent stronger in the second half of 2011. Data received from Kaspersky Lab’s botnet monitoring system and Kaspersky DDoS Prevention show that the most powerful attack was 20 per cent stronger compared to the first half of the year, and amounted to 600 Mbit/sec. The average attack strength in the second half of 2011 was 110 Mbit/sec – an increase of 57 per cent.
DDoS attacks are used as an act of protest as well as a tool for exerting pressure on competitors. It comes as no surprise then that online trade (online shops, auctions, message boards for sale ads etc) was most frequently targeted, with the sites in this segment suffering 25 per cent of all registered attacks. The proportion of attacks on government-owned websites is also gradually increasing – in the second half of 2011 it reached 2 per cent.
HTTP Flood remains the most popular type of attack (80 per cent). It involves simultaneously sending a large number of HTTP requests to the site being attacked, with bots either trying to access a single page of the site, attacking various authorisation forms or making numerous attempts to download a file from the site.
Despite the relative simplicity of these techniques, researchers have recently noted a shift away from conventional DDoS attacks using large amounts of traffic, to attacks that lead to exploiting substantial resources on the server under attack. This makes it possible to launch effective DDoS attacks with minimum effort from the attacker, i.e. without using large botnets.
“This is a perfectly logical progression,” says Yury Namestnikov, Senior Malware Analyst at Kaspersky Lab. “Large botnets attract the attention of anti-DDoS projects and law enforcement agencies, which can make such botnets much less attractive to cybercriminals. They will have to increase the power of attacks by using several botnets targeting one resource at once. That is why we are not going to see really large DDoS botnets in 2012. Our radars will show mostly medium-size botnets, which are powerful enough to take down an average website, and such botnets are going to become more numerous.”
You can find out more about the new techniques used in attacks and how to protect against them by reading the full version of the report ‘DDoS attacks in H2 2011’.
