Quarterly Global DDoS Attack Report: Q4 2013

Published January 14, 2014

Quarterly Global DDoS Attack Report: Q4 2013

What You’ll Learn:

In this report, you will learn detailed statistics about Internet and network security DDoS trends for the quarter, including:

  • Analysis of DDoS attack trends, including mobile app usage and a growing DDoS threat
  • Gbps/Mpps statistics
  • Year-over-year and quarter-by-quarter analysis
  • Application layer attacks
  • Infrastructure attacks
  • Attack frequency, size and sources
  • Where and when DDoSers strike
  • Case study and analysis of the DDoS threat from Asia

What You Need to Know

  • In 2013, the most significant developments in DDoS were Layer 7 DDoS toolkits, the use of reflection and amplification in attacks, and Best Common Practice 38 (BCP 38) adoptions.
  • During Q4 2013, DDoS mitigation experts examined the sourcing of malicious application layer traffic from countries in Asia. They identified a high amount of code reuse and public DDoS attack source code available on private forums and pay-to-use websites.
  • The resurrection of amplified Distributed Reflection Denial of Service (DrDoS) has reduced the resources needed by malicious actors to launch devastating infrastructure attacks.

Several security community actions are recommended:

  • Remediate all misconfigured CHARGEN and NTP servers.
  • Implement the Internet Engineering Task Force (IETF) Best Common Practice 38 (BCP38). This document proposes ingress filtering at the Internet service provider level to deny packets with forged addresses a route to the Internet.
  • Continue efforts toward misconfigured host cleanup, thereby putting a dent in the attackers’ amplification arsenal.

Spotlight: Cybersecurity attacks increasingly make use of opt-in mobile DDoS apps

Ready availability, ease of use, expected to fuel future DDoS attack campaigns

Notable DDoS trends from October – December 2013 include the following:

  • Cybersecurity experts observed the growing threat of mobile distributed denial of service (DDoS) attack apps, which allow users to opt-in to DDoS attack campaigns.
  • Technological advances, ease of use and the exponential increase in the use of mobile devices have combined to pose an increasing threat.
  • Super proxies used by mobile networks make it more difficult to filter bad traffic from legitimate traffic, complicating DDoS mitigation efforts.
  • Q4 2013 once again set a new record in DDoS activity. Compared to Q4 2012, total attack volume increased 26 percent. A week-by-week comparison to Q4 2012 shows increases in attack volume across eight of the 12 weeks of the quarter.

Highlights: Q4 2013 global DDoS attack statistics

Compared to Q4 2012

  • 26 percent increase in total DDoS attacks
  • 17 percent increase in application layer (Layer 7) attacks
  • 29 percent increase in infrastructure layer (Layer 3 & 4) attacks
  • 29 percent decrease in average attack duration: 23 vs. 32 hours

Compared to Q3 2013

  • 2 percent increase in total DDoS attacks
  • 1 percent increase in application layer (Layer 7) attacks
  • 2 percent increase in infrastructure layer (Layer 3 & 4) attacks
  • 7 percent increase in average attack duration: 23 vs. 21 hours
  • 48 percent increase in average peak attack bandwidth to 5 Gbps
  • 151 percent increase in peak packets-per-second rate to 11 Mpps

Related Q4 2013 Global DDoS Attack Report Assets

Contact Us