Distributed denial of service (DDoS) attacks are getting more complex, with attackers becoming wise to the ways of DDoS threat prevention. That’s according to a new report from Incapsula Inc., a U.S.-based security solutions provider.
In a report collecting samples of more than 154 million unique DDoS bot sessions, as well as during a period from November 30, 2013 to February 27, 2014, Incapsula researchers spotted an uptick in the number of ways attackers are launching network DDoS attacks.
In the last 90 days (the time period between November 30, 2013, and February 27, 2014), 81 per cent of all the recorded network attacks used two or more attack methods. Thirty-nine per cent used three or more attack methods, all at the same time – showing attackers have learned to distract defenders with the attacks, to look for vulnerabilities to exploit, and to test defenses to see where they’re weakest.
Beyond launching multi-vector attacks, attacks are also getting more complex. Once the province of primitive bots, they’re now coming from browser-based bots that are immune to both JavaScript and cookie challenges – two of the most common ways defenders can filter bots. While Incapsula researchers began noticing that in Q4 of 2013, it became even more noticeable in Q1 of 2014, where DDoS bots accepted and stored cookies, and many were also able to run JavaScript.
Beyond becoming more skillful at working around network defenses, attackers are also reusing their DDoS botnets to attack multiple targets. About 40 per cent of botnets attack more than 50 targets a month, with 12 per cent attacking as many as 200. This means attackers are renting out their DDoS resources to each other, meaning some have more than one owner.
The top source countries for these kinds of attacks came from India, China, and Iran. About 46 per cent of spoofed user-agents came from Chinese search engine Baidu, while nearly 12 per cent mimicked Google.
