Q2 2015 Global DDoS Threat Landscape

Q2 2015 Global DDOS Threat Landscape Analysis is based on data from 1,572 network layer and 2,714 application layer DD0S attacks mitigated by Incapsula services from March 1 through May 7, 2015. Information about DDOS bot capabilities and assumed identities comes from a sample of 60 million DDOS bot sessions collected over the same period. Tenacious Attacks Resemble Advanced Persistent Threats Largest application layer attack peaks at 179,712 RPS (requests per second) Largest network layer attack peaks at 253 Gbps Network Layer Attack Trends RPS Gbps UDP 56.7% SYN 50.7% Large SYN 22.0% ТСР 21.2% DNS 12.3% Botnets-for-hire are behind 40 percent of all network layer attacks. Average price of a botnet-for-hire attack: $38/hour ICMP 10.4% NTP 9.5% Frequency High and Duration Long DNS Amp. 7.9% On average, targets are hit once a week. UDP is the most common Mon 03 attack method, used in 56 30 01 02 20 percent of all network layer DDOS attacks last over 5 days percent of attacks. DDOS os 06 09 10 11 07 DDOS -> 17 percent of targets hit more Of these, eight percent are 17 18 UDP 16 14 15 SSDP DDOS attacks, 12 13 than 5 times DDOS 19 21 23 24 25 launched from "Internet of 22 20 47 percent of all targets are hit again within 60 days Things" devices. DDOS 26 27) 28 29 30 31 More than half of all network layer DDOS attacks are multi-vector Every hour of unmitigated DDOS costs a DNS and NTP amplification attacks falling business $40,000. Persistent attacks out of favor entail losses of hundreds of thousands- if not millions. Large-SYN floods cause the most damage Application Layer Attack Trends Botnets' Global Footprint Most aggressive DDOS botnets 56 percent of DDOS bot traffic 26% emerged from China, Vietnam, MrBlack 26.4% Bots with browser-like US, Brazil, and Thailand. Nitol 18.4% capabilities PCRat 17,7% MrBlack botnet is the most 74% Cyclone 12,1% aggressive, despite not being Primitive bots DirtJumper 5.1% the largest. DDOS bots mimic browser capabilities in order to bypass security measures. Steep drop in the number of search engine impersonators. 9.7% 14.9% 13.8% Analysis points to higher diversity in DDOS bot assumed identities. 8.1% Ten most common fabricated user-agents are only O 9.5% used in 43 percent of attacks (down from 90 percent in 2014). DDOS Thugs Adopt Targeted Persistent Advanced APT-like Tactics Specific targets are Attackers orchestrate Attackers coordinate chosen in advanced. Offenders are mounting complex multiphase and DDOS assaults with other advanced attacks that Attackers conduct multi-vector assaults. cyberattacks. Stealth early reconnaissance Individual attacks can resemble advanced tactics are employed to to expose targets' easily last for days, weeks, persistent threats. bypass security weaknesses. or even months at a time. countermeasures. Brought to you by IMPERVA Incapsula A complete report is available at Incapsula.com