
Botnet growth fuels "remarkable" Q1 2013 surge in DDoS attacks

Distributed denial of service (DDoS) attacks are on the rise and becoming more sophisticated, according to new data.

In a new report, security firm Prolexic determined that the first quarter of 2013 was a "landmark quarter" for DDoS attacks.

"One word sums up Q1 2013: remarkable," Prolexic said. "Never before have attacks been this formidable."

In late March, the Spamhaus Project was hit with a DDoS attack that reportedly topped 300 Gbps. Prolexic said the size of the Spamhaus incident was "grossly inflated," but the firm did handle a 130 Gbps attack in March, while 10 per cent of the attacks directed at its clients topped 60 Gbps. Average attack bandwidth was up 718 per cent from the last quarter, from 5.9 Gbps to 48.25 Gbps.

"This indicates that advanced malicious actors have become more adept at harnessing the power of large DDoS botnets," Prolexic said. "Furthermore, it indicates that the malicious groups behind these large-scale attacks are becoming more organised and are coordinating with different veteran crime organisations."

A "normal" DDoS attack that might take down a bank website is around 50 Gbps. But about 25 per cent of the attacks were less than 1 Gbps. They are most common because they can "be executed by low-skilled actors."

Of note, Prolexic said, was the high number of DDoS attacks that targeted Internet service providers and carrier router infrastructures. Attacks on infrastructure were favored over application-level attacks during the quarter, 76.54 per cent compared to 23.46 per cent.

An infrastructure attack is a DDoS attack that overloads the network infrastructure by consuming large amounts of bandwidth, for example by making excessive connection requests without responding to confirm the connection, Prolexic said.

An application-level attack is a DDoS attack that overloads an application server by making excessive login, database lookup or search requests. Application attacks are harder to detect than other kinds of DDoS attacks, Prolexic said, because the connection has already been established and the requests may appear to be from legitimate users. But they are more easily traceable.

Overall, DDoS attacks were up 21 per cent compared to the same quarter in 2012. But they only increased by 1.75 per cent compared to the fourth quarter of 2012, "reflecting the high level of attack activity in the world over the last six months," Prolexic said.