Attackers upping the ways they use DDoS attacks

Distributed denial of service (DDoS) attacks are getting more complex, with attackers becoming wise to the ways of DDoS threat prevention. That’s according to a new report from Incapsula Inc., a U.S.-based security solutions provider.

In a report that draws on samples of more than 154 million unique DDoS bot sessions and covers the period from November 30, 2013 to February 27, 2014, Incapsula researchers spotted an uptick in the number of ways attackers are launching network DDoS attacks.

In those 90 days (November 30, 2013 to February 27, 2014), 81 per cent of all the recorded network attacks used two or more attack methods. Thirty-nine per cent used three or more attack methods, all at the same time. That shows attackers have learned to use the attacks to distract defenders, to look for vulnerabilities to exploit, and to test defenses to see where they're weakest.

Percentage of DDoS attacks using one or more attack vectors. (Image: Incapsula).

Beyond using multiple vectors, the attacks themselves are also getting more complex. Once the province of primitive bots, they're now coming from browser-based bots that are immune to both JavaScript and cookie challenges, two of the most common ways defenders can filter bots. Incapsula researchers began noticing that in Q4 of 2013, and it became even more noticeable in Q1 of 2014, when DDoS bots accepted and stored cookies, and many were also able to run JavaScript.

Beyond becoming more skillful at working around network defenses, attackers are also reusing their DDoS botnets to attack multiple targets. About 40 per cent of botnets attack more than 50 targets a month, with 12 per cent attacking as many as 200. This means attackers are renting out their DDoS resources to each other, so some botnets have more than one owner.

Countries of origin for DDoS attacks. (Image: Incapsula).

The top source countries for these kinds of attacks were India, China, and Iran. About 46 per cent of spoofed user-agents impersonated Chinese search engine Baidu, while nearly 12 per cent mimicked Google.

Candice So
Candice is a graduate of Carleton University and has worked in several newsrooms as a freelance reporter and intern, including the Edmonton Journal, the Ottawa Citizen, the Globe and Mail, and the Windsor Star. Candice is a dog lover and a coffee drinker.
