Prolexic says Layer 7 attacks declined in Q2 2012
Total number of DDoS attacks increased 10% this quarter
DDoS attack prevention experts Prolexic Technologies, has released its Quarterly Global DDoS Attack Report, which shows that the number of application layer (Layer 7) attacks against its global client base declined in Q2 2012.
The total number of DDoS denial of service attacks increased 10% this quarter, however the Prolexic Security Engineering & Response Team (PLXsert) logged an 8% decline in application layer DDoS attacks, which accounted for 19% of all attacks.
Infrastructure attacks (Layer 3 and 4) against bandwidth capacity and routing infrastructures totaled 81%.
"Q2 data showed a return to traditional infrastructure attacks and is likely a reflection of changing tools for launching DDoS attacks," said Stuart Scholly, president of Prolexic. "With Layer 7 attacks, the risk of detection and eventual take down by law enforcement increases because these attacks disclose the IP address of the attacking botnet and this may be another reason for their decline this quarter."
According to Prolexic, GET Floods, the most popular Layer 7 attack type, continues to decline in popularity. In Q2 2011, GET Flood attacks accounted for 22% of all DDoS attack campaigns mitigated by Prolexic. In Q2 2012, GET Flood attacks account for just 14%. PLXsert also identified a rise in popularity for certain types of infrastructure-directed DDoS attacks: ICMP, SYN, and UDP floods.
In Q2 2011, these attack types accounted for 55% of attacks mitigated by Prolexic. In Q1 2012, they accounted for 59% and this quarter, the total percentage has increased to 67%.
The report also revealed that the average attack duration declined to 17 hours from 28.5 and that China retained its position as the main source country for DDoS attacks When compared to Q2 2011, 2012 has so far seen a 50% increase in the total number of DDoS attacks, an 11% increase in infrastructure (Layer 3 & 4) attacks and a 63% higher packet-per-second (pps) volume.
In Q2 2012, DDoS attacks against Prolexic's global client base were evenly spread across all vertical industries - financial services, e-Commerce, SaaS, payment processing, travel/hospitality, and gaming.
"No industry was spared this quarter, illustrating that denial of service is a global, mainstream problem that all online organisations must face," said Scholly.
In Q2 2012, average attack duration for Prolexic clients continued to decline, dropping to 17 hours from 28.5 hours the previous quarter. Despite a low number of DDoS attacks in April and May, Q2 2012 was active overall, with the total number of denial of service attacks increasing by 10% compared to Q1 2012.
This quarter, June was by far the most active month, accounting for 47% of the quarter's total number of DDoS attacks. The week of June 3-10 was the most active when PLXsert logged 14% of the entire quarter's total number of DDoS denial of service attacks. Interestingly, this period of high activity coincided with the beginning of the UEFA Euro 2012 soccer tournament.
Data for the Q2 2012 report has been gathered and analysed by the Prolexic Security Engineering & Response Team (PLXsert). The group monitors malicious cyber threats globally and analyzes DDoS attacks using proprietary techniques and equipment.