Quarterly Global DDoS Attack Report: Q3 2013

Published October 23, 2013

Quarterly Global DDoS Attack Report: Q3 2013

What You Need to Know

  • The third quarter of 2013 was not filled with stories of digital warfare or extreme cases of rampant hacktivism. Instead it was best exemplified by groups of script kiddies graduating into digital crime.
  • A typical instance of Q3 2013 cybercrime was hackers assembling very simple DDoS-for-hire sites that could run from an iPad.
  • These sites democratize DDoS attacks with slick user interfaces and convenient payment methods, opening up the market to malicious actors who can easily inflict damage on small to medium businesses for as little as US$5.
  • The addition of amplification modules to these DDoS-for-hire sites highlights a growing problem: generating a DDoS attack costs far less than mitigating one and requires limited skills and resources.

Prevention of fraud and other malicious activity requires action from the cybersecurity community, such as:

  • Cleanup efforts for CHARGEN and other obsolete protocols especially susceptible to amplification and reflection attack.
  • Making it more difficult to send money to the criminals offering DDoS-for-hire.

Spotlight: DDoS perpetrators changed tactics to amplify attack sizes and hide identities

Malicious actors are shifting to reflection and amplification attacks to launch more powerful attacks with fewer resources.

Notable DDoS trends from July – September 2013 include the following:

  • Although the average distributed denial of service (DDoS) attack duration declined considerably, Q3 2013 set a record for the number of attacks, demonstrating a consistently heightened level of global DDoS attack activity.
  • Reflection attacks increased 70 percent from Q2 to Q3, and more than 265 percent from Q3 2012.
  • Distributed reflection denial of service (DrDoS) attacks are increasingly popular because they give attackers an easily obscured means of amplifying attack.
  • More than 62 percent of Q3 2013 DDoS attacks originated in China.

Highlights: Q3 2013 global DDoS attack statistics

Compared to the second quarter of 2013

  • 2 percent increase in total DDoS attacks
  • 6 percent decrease in application layer (Layer 7) attacks
  • 4 percent increase in infrastructure (Layer 3 & 4) attacks
  • 44 percent decrease in the average attack duration: 21 hours vs. 38 hours

Compared to the third quarter of 2012

  • 58 percent increase in total DDoS attacks
  • 101 percent increase in application layer (Layer 7) attacks
  • 48 percent increase in infrastructure (Layer 3 & 4) attacks
  • 12 percent increase in the average attack duration: 21 hours vs. 19 hours

Contact Us