Layer 7 DDoS attacks decline, report says

The number of application layer (Layer 7) attacks against Prolexic Technologies' global client base declined in Q2 2012, according to the company's newly released DDoS attack report.

From the report:

Even though the total number of DDoS denial of service attacks increased 10% this quarter, the Prolexic Security Engineering & Response Team (PLXsert) logged an 8 percent decline in application layer DDoS attacks, which accounted for 19% of all attacks. Infrastructure attacks (Layer 3 and 4) against bandwidth capacity and routing infrastructures totaled 81 percent.

GET Floods, the most popular Layer 7 attack type, continued to decline in popularity. In Q2 2011, GET Flood attacks accounted for 22 percent of all DDoS attack campaigns mitigated by Prolexic. In Q2 2012, GET Flood attacks account for just 14 percent.

PLXsert also identified a rise in popularity for certain types of infrastructure-directed DDoS attacks: ICMP, SYN, and UDP floods. In Q2 2011, these attack types accounted for 55 percent of attacks mitigated by Prolexic. In Q1 2012, they accounted for 59% and this quarter, the total percentage has increased to 67 percent.

Despite a low number of DDoS attacks in April and May, Q2 2012 was active overall, with the total number of denial of service attacks increasing by 10 percent compared to Q1 2012. This quarter, June was by far the most active month, accounting for 47 percent of the quarter’s total number of DDoS attacks. The week of June 3-10 was the most active when PLXsert logged 14 percent of the entire quarter’s total number of DDoS denial of service attacks. Interestingly, this period of high activity coincided with the beginning of the UEFA Euro 2012 soccer tournament.

Data for the report was gathered and analyzed by the Prolexic security engineering & response team, which monitors malicious activity around the world and analyzes DDoS attacks using its proprietary techniques and equipment. The report offers up these bullet points for the sake of comparing the latest data to previous trends:

Compared to Q1 2012

-- 10 percent increase in total number of attacks
-- 8 percent rise in Layer 3 and 4 infrastructure attacks
-- Average attack duration declines to 17 hours from 28.5
-- China retains its position as the main source country for DDoS attacks

Compared to Q2 2011

-- 50 percent increase in total number of DDoS attacks
-- 11 percent increase in infrastructure (Layer 3 & 4) attacks
-- Shorter average attack duration: 17 hours vs. 26 hours
-- 63 percent higher packet-per-second (pps) volume

Reports like this are always difficult to work into the bigger picture. It's a snapshot of one vendor's client base, and if one were to put together a stack of findings from other vendors, an entirely different picture would likely emerge. Still, it's an interesting snapshot.

A while back I put together a DDoS attack survival guide of sorts -- a compilation of articles and podcasts on the nature of the problem and some best practices to chew on. This report's release is as good an excuse as any to share it with you.

I'll end with the question: Do you think DDoS attacks are declining, rising or is it the same as it ever was?

Copyright © 2012 IDG Communications, Inc.
