Q4 2017 Global DDoS Threat Landscape Report

Haythem Elmir

Today we are releasing our latest Global DDoS Threat Landscape Report, a statistical analysis of 5,055 network and application layer DDoS attacks mitigated by Imperva Incapsula services during Q4 2017.

In Q4, the number of application layer attacks nearly doubled, just as the number of network layer assaults declined. In both cases, however, we saw attacks grow more persistent.

Target wise, the cryptocurrency industry continued to draw the attention of DDoS offenders, ranking as the fifth most attacked industry this quarter alongside some of the more regular attack targets. Another notable development was the high number of network layer assaults against businesses in the APAC region. In the last quarter of the year, the region served as home to seven out of the top-ten attacked countries. Combined, they drew 68.9 percent of all network layer DDoS attacks.

DDoS report_top attacked countriesFigure 1: Top attacked countries, by number of network layer attacks 

Report Highlights

Amidst Price Spike, Attacks on Cryptocurrency Industry Continue

Bitcoin was once again the eighth most targeted industry in Q4, after making its first appearance on the top-10 list in the prior quarter. Furthermore, it came in fifth place for the most attacks suffered, outscoring such established and commonly attacked business sectors as financials and publishing.DDoS report_top attacked industriesFigure 2: Top attacked industries, by number of network layer attacks


The increase in attacks against bitcoin-related sites is likely linked to a growth spike experienced by the industry late last year when cryptocurrency prices reached an all-time high. As prices have since subsided, it will be interesting to see if the overall number of attacks declines as well in the coming months.

Even after the recent price drop, there currently remains 190 active cryptocurrency exchanges, up from 70 in Q3. Of these, 24 exchanges have a daily turnover of more than 10 million USD. With an ever-increasing number of targets, despite the volatility in the price of bitcoin, we expect to see assaults directed at the cryptocurrency industry continue for the foreseeable future.

Application Layer Attacks Double, Assaults Become More Persistent

This quarter, we saw a spike in the number of application assaults, which increased 43 percent over their Q3 levels. Network layer attacks, on the other hand, fell by more than 50 percent since last quarter.

DDoS report_number of attacks per week

Figure 3: Number of weekly DDoS attacks QoQ


Interestingly, even as the number of application layer assaults went up and network layer attacks decreased, both became more persistent. Our data shows that 63.3 percent of application layer DDoS targets were subjected to repeat attacks, up from 46.7 last quarter.

DDoS report_repeat app layer attacks

Figure 4: Repeat application layer attacks Q0Q


In the case of network layer attacks, the number of repeat DDoS assaults went up to 67.4 percent, compared to 57.8 percent in Q3. However, the average number of attack decreased, as most of the repeat assaults consisted of two to five bursts.

DDoS report_repeat network layer attacks

Figure 5: Repeat network layer attacks Q0Q

The increase in attack persistence reflects the growing ease with which bad actors can launch multiple DDoS attacks. Today, even if a mitigation service is able to deflect an initial attack, perpetrators have every reason to try again and again, until they take down their target or grow bored and move on.

This obviously highlights the need for a hands-off mitigation solution that can be automatically activated to mitigate every repeat attack burst. In the absence of such a solution, a persistent DDoS campaign can quickly turn into a prolonged war of attrition, forcing an enterprise to spend money and man-hours to fight off a series of assaults.
To read the original articlehttps://www.imperva.com/blog/2018/03/q4-2017-global-ddos-threat-landscape-report/



Laisser un commentaire

Next Post

TeleRAT, a new Android Trojan that uses Telegram for data exfiltration

Security experts at Palo Alto Networks discovered a new Android Trojan dubbed TeleRAT that uses Telegram Bot API to communicate with the command and control (C&C) server and to exfiltrate data. TeleRAT appears to be originating from and/or to be targeting individuals in Iran, experts found similarities with another Android malware dubbed […]