On the eve of Quantum Dawn 2, the cybersecurity exercise SIFMA is conducting to test the banking industry's ability to cope with cyberattacks (the date was recently changed to July 18), a new report suggests that cyberattacks continued to increase in the second quarter of 2013.
According to a report released Wednesday by Prolexic Technologies, a provider of services that block distributed denial of service attacks (attacks that involve sending streams of malicious traffic to a web server in the hopes of disabling it), DDoS incidents increased 20% in the second quarter, compared to the first quarter.
The majority (75%) of these attacks are infrastructure-directed, meaning they overload network infrastructure by consuming large amounts of bandwidth, for example by making excessive connection requests without responding to confirm the connection. A common type of infrastructure DDoS attack is called a SYN flood; attackers send a huge flood of TCP/SYN packets, often with a forged sender address, to the server. This causes the connection queues to fill up, thereby denying service to legitimate TCP users.
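To make the SYN flood signature concrete from the defender's side, the following added example (not from the Prolexic report) counts handshakes that received a SYN but never the confirming ACK, per destination service, and flags services whose half-open count reaches the queue size. The packet record format, the backlog of 128 and the 30-second timeout are assumptions chosen for illustration, and the traffic is constructed.

```python
from collections import defaultdict

# Constructed sample: (time_s, src_ip, src_port, dst_ip, dst_port, tcp_flag)
# as observed in front of a server. All addresses are documentation ranges.
def build_sample():
    server = ("192.0.2.10", 443)
    pkts = []
    # Two ordinary clients complete the handshake: SYN, then the final ACK.
    for i, client in enumerate(["198.51.100.5", "198.51.100.6"]):
        pkts.append((0.1 * i, client, 40000 + i, *server, "S"))
        pkts.append((0.1 * i + 0.05, client, 40000 + i, *server, "A"))
    # 200 SYNs from varying (possibly forged) sources that never send the ACK.
    for i in range(200):
        src = f"203.0.113.{i % 250 + 1}"
        pkts.append((1.0 + i * 0.005, src, 1024 + i, *server, "S"))
    return sorted(pkts)

def half_open_by_service(packets, now, timeout=30.0):
    """Count handshakes per (dst_ip, dst_port) with a SYN but no final ACK."""
    pending = {}  # (src, sport, dst, dport) -> time the SYN was seen
    for ts, src, sport, dst, dport, flag in packets:
        key = (src, sport, dst, dport)
        if flag == "S":
            pending.setdefault(key, ts)
        elif flag in ("A", "R"):      # handshake completed or reset
            pending.pop(key, None)
    counts = defaultdict(int)
    for (_, _, dst, dport), ts in pending.items():
        if now - ts <= timeout:       # assumed: server expires older entries
            counts[(dst, dport)] += 1
    return dict(counts)

def flooded_services(packets, now, backlog=128, timeout=30.0):
    """Services whose half-open count would fill an assumed queue of `backlog`."""
    per_service = half_open_by_service(packets, now, timeout)
    return {svc: n for svc, n in per_service.items() if n >= backlog}

if __name__ == "__main__":
    print(flooded_services(build_sample(), now=3.0))
```

Because the sources are often forged, the useful key is the targeted service rather than the sender address.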
However, the report also shows a 28% increase in the rate of application-layer DDoS attacks compared to the previous quarter. In this type of attack, the perpetrators overload an application server by making excessive login, database lookup or search requests. Application attacks are harder to detect than other kinds of DDoS attacks, according to Prolexic, because the connection has already been established and the requests may appear to be from legitimate users.
The duration of DDoS attacks also lengthened somewhat over the past few months, from 34.5 hours to 38 hours. The average bandwidth of the attacks also increased, from 48.25 gigabytes per second to 49.24 Gbps.
The top country source for malicious DDoS traffic remains China, which Prolexic says is the origin of 39% of attacks. The second most active country was Mexico, with 27% of the DDoS traffic beginning there. The U.S. was responsible for only 4%, according to the report. This is an interesting slide, given that in the first quarter of this year, Prolexic reported that the U.S. was the origin of 22% of DDoS attacks.
April was the most active month of the quarter for DDoS attacks, accounting for 40% of all attacks, followed by May (32%) and June (29%). Two weeks tied for the most active week of the quarter: April 8-14 and April 15-21. This high level of activity, Prolexic says, can be attributed to attacks against financial services clients and the ongoing use of the itsoknoproblembro toolkit.