As we’ve reported repeatedly in these pages, distributed denial of service attacks are growing both in terms of number and size.
Now it seems that DDoS attackers are coming up with even more elaborate tools and attack methods to take down websites and networks, according to the latest report from DDoS mitigation firm Imperva.
Imperva’s analysis is based on data from 3,791 network layer and 5,267 application layer DDoS attacks on websites using its Incapsula services from January 1, 2016 through February 29, 2016.
For example, attackers are expanding their use of browser-like DDoS bots capable of bypassing standard security challenges. The use of these bots increased to a record-breaking 36.6 percent of application layer attacks, up from 6.1 percent in the previous report.
In addition, DDoS attackers are increasingly using upload scripts to mount multi-gigabit HTTP POST flood attacks. The scripts randomly generate large files and attempt to upload them to the server, creating an HTTP flood of extremely large content-length requests.
Also, network layer attacks are growing more sophisticated. Attackers are employing millions-of-packets-per-second, or Mpps, assaults in which small network packets are pumped out at extremely high speed to overwhelm network switches, resulting in denial of service.
In terms of botnets, the first quarter saw a steep increase in DDoS traffic out of South Korea, making it the country of origin for 29.5 percent of botnet activity. The majority of these assaults were aimed at websites hosted in Japan and the United States.
The United States took the brunt of all DDoS attacks, with a majority of attacks targeting that country. The United Kingdom came in a distant second with 9.2 percent of attacks targeting that country.