Application Layer (Layer 7) DDoS Attacks Decline According to Prolexic's Q2 2012 Report
HOLLYWOOD, FL – Prolexic Technologies, the global leader in Distributed Denial of Service (DDoS) protection services, today announced that the number of application layer (Layer 7) attacks against its global client base declined in Q2 2012. This is one of a number of key findings contained in the company’s Quarterly Global DDoS Attack Report, which was released today.
Even though the total number of DDoS denial of service attacks increased 10% this quarter, the Prolexic Security Engineering & Response Team (PLXsert) logged an 8% decline in application layer DDoS attacks, which accounted for 19% of all attacks. Infrastructure attacks (Layer 3 and 4) against bandwidth capacity and routing infrastructures totaled 81%.
“Q2 data showed a return to traditional infrastructure attacks and is likely a reflection of changing tools for launching DDoS attacks,” said Stuart Scholly, president of Prolexic. “With Layer 7 attacks, the risk of detection and eventual take down by law enforcement increases because these attacks disclose the IP address of the attacking botnet and this may be another reason for their decline this quarter.”
GET Floods, the most popular Layer 7 attack type, continued to decline in popularity. In Q2 2011, GET Flood attacks accounted for 22% of all DDoS attack campaigns mitigated by Prolexic. In Q2 2012, GET Flood attacks account for just 14%.
PLXsert also identified a rise in popularity for certain types of infrastructure-directed DDoS attacks: ICMP, SYN, and UDP floods. In Q2 2011, these attack types accounted for 55% of attacks mitigated by Prolexic. In Q1 2012, they accounted for 59% and this quarter, the total percentage has increased to 67%.
Other highlights from the Q2 2012 Global DDoS Attack Report
Compared to Q1 2012
- 10% increase in total number of attacks
- 8% rise in Layer 3 and 4 infrastructure attacks
- Average attack duration declines to 17 hours from 28.5
- China retains its position as the main source country for DDoS attacks
Compared to Q2 2011
- 50% increase in total number of DDoS attacks
- 11% increase in infrastructure (Layer 3 & 4) attacks
- Shorter average attack duration: 17 hours vs. 26 hours
- 63% higher packet-per-second (pps) volume
Analysis and emerging trends
This quarter, DDoS attacks against Prolexic’s global client base were evenly spread across all vertical industries - financial services, e-Commerce, SaaS, payment processing, travel/hospitality, and gaming. “No industry was spared this quarter, illustrating that denial of service is a global, mainstream problem that all online organizations must face,” said Scholly.
In Q2 2012, average attack duration for Prolexic clients continued to decline, dropping to 17 hours from 28.5 hours the previous quarter. “Once DDoS attackers realize they are up against Prolexic’s cloud-based DDoS mitigation infrastructure, they typically move on and choose easier targets where they can have much greater impact,” explained Scholly.
Despite a low number of DDoS attacks in April and May, Q2 2012 was active overall, with the total number of denial of service attacks increasing by 10% compared to Q1 2012. This quarter, June was by far the most active month, accounting for 47% of the quarter’s total number of DDoS attacks. The week of June 3-10 was the most active when PLXsert logged 14% of the entire quarter’s total number of DDoS denial of service attacks. Interestingly, this period of high activity coincided with the beginning of the UEFA Euro 2012 soccer tournament.
As in previous attack reports, China (33%) is the top source country for distributed denial of service attack traffic and this quarter it is joined at the top of the list by Thailand (23%) and the United States (8%).
“While Layer 7 attacks show a slight decline overall, organizations cannot afford to be complacent because you never know when one will strike” warned Scholly. “If your Internet-facing infrastructure is critical to business operations, you’ll need a DDoS mitigation service that can block volumetric infrastructure attacks, but also all application layer attacks, including HTTPS, GET and POST Floods.”
Data for the Q2 2012 report has been gathered and analyzed by the Prolexic Security Engineering & Response Team (PLXsert). The group monitors malicious cyber threats globally and analyzes DDoS attacks using proprietary techniques and equipment. Through data forensics and post attack analysis, PLXsert is able to build a global view of DDoS attacks, which is shared with Prolexic customers. By identifying the sources and associated attributes of individual attacks, the PLXsert team helps organizations adopt best practices and make more informed, proactive decisions about DDoS threats.
A complimentary copy of the Prolexic Quarterly Attack Report for Q2 2012 report is available as a free PDF download from www.prolexic.com/attackreports. Prolexic’s Q3 2012 report will be released in the fourth quarter of 2012.
Prolexic is the world’s largest, most trusted Distributed Denial of Service (DDoS) mitigation provider. Able to absorb the largest and most complex attacks ever launched, Prolexic restores mission-critical Internet-facing infrastructures for global enterprises and government agencies within minutes. Ten of the world’s largest banks and the leading companies in e-Commerce, SaaS, payment processing, travel/hospitality, gaming and other at-risk industries rely on Prolexic to protect their businesses. Founded in 2003 as the world’s first in-the-cloud DDoS mitigation platform, Prolexic is headquartered in Hollywood, Florida and has scrubbing centers located in the Americas, Europe and Asia. To learn more about how Prolexic can stop DDoS attacks and protect your business, please visit www.prolexic.com, follow us on LinkedIn, Facebook and Google+ or follow @Prolexic on Twitter.