Imperva published the Global DDoS Threat Landscape for Q2 2017, the report shows an increase in the amount of persistent application layer DDoS attack over a one-year period.
According to Imperva, over 75% of targets were hit multiple times in Q2 2017, while the percentage was only 43.2% in the same period of 2016.
“We also saw an increase in the frequency of repeat application layer attacks. In total, 75.8 percent of target websites were hit by repeat assaults, the largest percentage we have on record. This was especially true for US based websites, 80.3 percent of which suffered multiple assaults. Moreover, of the 45 targets that suffered 50 or more attacks, 34 were hosted in the US.” states the report.
The researchers observed 973 application layer attacks per week in Q2
The number of application layer attacks observed each week has reached 973 in Q2 2017, it is a slight decrease respect previous quarter when Imperva observed 1,099 attacks per week.
Unfortunately, the number of mitigated network assaults decreased by 51%, falling from 296 per week in Q1 to 196 per week in Q2.
The largest network layer DDoS attack mitigated by Imperva in Q2 peaked at 350 Gbps, it was a so-called pulse wave attack that hit the target with alternating high-volume bursts, the time between each pulse is likely being used to mount a secondary assault on a different target.
The researchers observed a significant increase in attack complexity, multi-vector DDoS attacks accounted for 40.5 percent of all network layer DDoS assaults, a jump from 29 percent in the Q1.
Experts continue to observe short burst network layer attacks, 91.7% of them lasted less than an hour. Such kind of attacks was mostly launched by botnet-for-hire, pulse wave attacks and probing attempts are other principal causes behind the DDoS assaults.
The longest attack of Q2 2017 lasted for more than 147 hours, while 82.5% of attacks lasted less than 30 minutes.
“The largest application layer attack this quarter peaked at 89,134 RPS, which was significantly smaller than last quarter’s 176,393 RPS attack. This quarter’s attack, however, lasted for 48 days, more than twice as long as the one in Q1 2017.” continues the report.
During Q2 2017, 57.4% of all application layer assaults lasted for less than 30 minutes, while 7.4% of attacks lasted more than six hours and 1.7% being longer than 24 hours.
The most targeted country is the US, assaults against the U.S. accounted for 79.7% of all attacks, while China remained the top attacking county.
“China was responsible for 63 percent of attack traffic, once again topping our list of attacking countries. The US (6.4 percent) came in second. Turkey (2.1 percent), Ukraine (1.9 percent) and India (1.8 percent) respectively came in third, fourth and fifth place after each saw a significant increase in DDoS attack traffic originating from their territories.” closes the report.
(Security Affairs – DDoS, hacking)