Prolexic Technologies, the global leader in Distributed Denial of Service (DDoS) protection services, today reported that mobile applications are being used in DDoS attacks against enterprise customers. This is one of many key findings found in the company’s Q4 2013 Global DDoS Attack Report, which was published today and can be downloaded from www.prolexic.com/attackreports.
“The prevalence of mobile devices and the widespread availability of downloadable apps that can be used for DDoS is a game changer,” said Stuart Scholly, president of Prolexic. “Malicious actors now carry a powerful attack tool in the palm of their hands, which requires minimal skill to use. Because it is so easy for mobile device users to opt-in to DDoS attack campaigns, we expect to see a considerable increase in the use of these attack tools in 2014.”
Data gathered in Q4 from attacks against Prolexic’s global client base shows that mobile devices participated in a DDoS attack campaign against a global financial services firm. Digital forensics and attack signature analysis conducted by the Prolexic Security Engineering and Response Team (PLXsert) detected the use of AnDOSid, an Android operating system tool that performs an HTTP POST flood attack.
“Mobile devices add another layer of complexity,” explained Scholly. “Because mobile networks use super proxies, you cannot simply use a hardware appliance to block source IP addresses as it will also block legitimate traffic. Effective DDoS mitigation requires an additional level of fingerprinting and human expertise so specific blocking signatures can be developed on-the-fly and applied in real-time.”
Prolexic believes that developers of applications commonly used in DDoS attacks like Low Orbit Ion Canon (LOIC) will increasingly port them to mobile platforms in 2014. “Traditionally, some type of infection or malware was required,” said Scholly. “With mobile apps, malicious actors can choose to proactively participate in orchestrated DDoS attack campaigns. When you consider how many mobiles device users there are in the world, this presents a significant DDoS threat.”
Prolexic’s latest DDoS attack report shows the total number of attacks against its clients in Q4 2013 once again set a new record for one quarter, illustrating the heightened level of DDoS activity throughout 2013. Compared to the same quarter one year ago, total attack volume increased 26 percent. A week-by-week comparison to Q4 2012 shows increases in attack volume across eight of the 12 weeks of the quarter.
Global DDoS attack report compared to Q4 2012
- 26.09 percent increase in total DDoS attacks
- 17.42 percent increase in application layer (Layer 7) attacks
- 28.97 percent increase in infrastructure layer (Layer 3 & 4) attacks
- 28.95 percent decrease in average attack duration: 22.88 vs. 32.21 hours
Compared to Q3 2013
- 1.56 percent increase in total DDoS attacks
- 0.55 percent increase in application layer (Layer 7) attacks
- 1.86 percent increase in infrastructure layer (Layer 3 & 4) attacks
- 7.25 percent increase in average attack duration: 22.88 vs. 21.33 hours
- 48.04 percent increase in average peak attack bandwidth to 4.53 Gbps
- 151.21 percent increase in peak packets-per-second rate to 10.60 Mpps
Analysis and emerging trends
The largest DDoS attack Prolexic mitigated in Q4 peaked at 179 Gbps, which is the largest DDoS attack the company has faced to date. Attack sizes continue to grow and this quarter, Prolexic mitigated several attacks over 100 Gbps.
As in previous quarters, malicious actors continued to favor launching Layer 3 and Layer 4 attacks targeting infrastructure elements. Infrastructure attacks accounted for 76.76 percent of total attacks during the quarter with application layer attacks making up the remaining 23.24 percent. UDP (13.15 percent), UDP fragment (17.11 percent), DNS (9.58 percent), SYN (14.56 percent) and HTTP GET (19.91 percent) floods were the most common attack types directed against Prolexic clients. The CHARGEN protocol, commonly used in reflection attacks, increased 92.31 percent this quarter, illustrating the growing popularity of this attack type.
“Looking back over 2013, a number of significant DDoS trends were observed,” said Scholly. “These include the emergence of Layer 7 toolkits, the rise in DDoS-for-hire services, the resurrection of amplified Distributed Reflection Denial of Service (DrDoS) attacks as a common and powerful attack vector, as well as the steady rise in the number of DDoS attacks originating from Asian countries.”
These trends are discussed in detail in Prolexic’s “Q4 2013 Global DDoS Attack Report.” A complimentary copy is available as a free PDF download from www.prolexic.com/attackreports. Prolexic’s Q1 2014 report will be released early in the second quarter of 2014.