Q3 2013 Global DDoS Attacks | DDoS Attack Statistics


Published on

In Q3 2013, malicious actors shifted to reflection and amplification (DrDoS) attacks to launch more powerful DDoS attacks with fewer resources. This graphical analysis of attacks against Prolexic’s global client base showed an increase in reflection attacks and UDP floods and a decline in the use of SYN floods.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Q3 2013 Global DDoS Attacks | DDoS Attack Statistics

  1. 1. Q3 2013 Global DDoS Attack Report DDoS perpetrators changed tactics to amplify attack sizes and hide identities Use of the CHARGEN protocol increased 3.37% when compared to other infrastructure attack methods. Adoption of the UDP-based CHARGEN protocol has been rapid as it is widely available on the DDoS-as-a-Service market. Application attacks declined slightly to 23.48%, down from 25.29% in Q2 2013. Compared to Q3 2012, application attacks have increased by almost 6% (from 17% to 23%). SSL POST: 0.26% SSL GET: 0.78% PUSH: 0.91% HTTP POST: 3.37% ACK: 1.69% CHARGEN: 3.37% FIN PUSH: 0.39% HEAD: 0.13% N IO DNS: 8.94% ER LAY ICMP: 11.41% Traditional attack methods, such as ICMP floods, dropped this quarter. The movement away from ICMP floods toward reflected amplification attacks is due to a shift in attack offerings among DDoS-as-a-Service stressor services. 23.48% R APP LIC AT HTTP GET: 18.03% 8.9% of infrastructure attacks were based on the DNS attack protocol, a 4% increase compared to Q3 2012 (5%). L AY E 76.52% TU RE UDP Fragment: 14.66% IN F R A U ST R C RESET: 1.94% RIP: 0.13% RP: 0.39% SYN: 18.16% UDP Floods: 14.66% SYN PUSH: 0.13% TCP Fragment: 0.65% The UDP attack vector totaled 29.32% of all attacks – a 10% increase compared to the previous quarter, returning to levels seen in Q2 2012. A significant portion of UDP floods were reflected amplification attacks using DNS and CHARGEN. Infrastructure attacks increased 2% compared to Q2 2013. Compared to Q3 2012, infrastructure attacks fell by almost 6% (81.40 to 76.52&) THE BOTTOM LINE: At 18.16%, the percentage of SYN floods has decreased this quarter compared to Q2 2013 and Q3 2012, but SYN floods still remain the most popular of all infrastructure attacks, most likely due to the proliferation of easy-to-use stress-testing tools that are freely available. There was a significant shift to reflection-based attack vectors in Q3 2013, rising 69% compared to the previous quarter, and 265% when compared to the same quarter a year ago. www.prolexic.com