UK Sites Pummelled by DDoS Storm in Q4

UK websites suffered a sharp increase in DDoS attacks of over 20% quarter-on-quarter to become the second most targeted country in the world after the US, according to the latest stats from Imperva.

The security firm compiled itsDDoS Threat Landscape Report using data from 3,997 network layer and 5,443 application layer DDoS attacks it stopped for customers during the fourth quarter of 2015.

It found the number of attacks against UK sites rose from just 2.5% of the global total in Q3 to 23.2% in Q4, propelling the country to second overall behind the US (47.6%).

Japan also suffered more heavily than before, with DDoS attacks increasing from 1.2% to 8.6% over the same period, pushing it into third place.

China (39.8%), South Korea (12.6%), the US (11.7%) and Vietnam (5.8%) remained the top countries in terms of attack traffic origin, the report revealed.

Nitol (33.3%) and PCRat (32.8%) accounted for the majority of botnet activity.

Imperva claimed that the second half of 2015 saw a spike in the number of DDoS-as-a-service attacks, with more customers subjected to high-volume network layer DDoS bursts as opposed to the long—sometimes weeks long—campaigns seen at the start of the year.

The firm revealed an increase in high volume attacks using smaller-sized network packets, which apparently force victim organizations to think about processing capacity (Mpps), rather than network bandwidth (Gbps) to protect their assets.

For example, the biggest network layer attack mitigated by Imperva during the period was an SYN flood that peaked at 325 Gbps and 115 Mpps but lasted just 40 minutes.

Over 80% of network layer attacks lasted less than 30 minutes, while 58% of application layer attacks lasted just an hour or less.

However, almost half (44.7%) of the victims of application layer attacks are hit more than once, according to the report.

Imperva CTO, Amichai Shulman warned that DDoS attacks can’t be stopped at the network perimeter.

“DDoS attacks must be mitigated as far from the target network as possible and as close to the source of the attack traffic as possible,” he told Infosecurity.

“For that end, organizations who need to defend themselves against such attacks must resort to using a cloud-based DDoS mitigation service. These services have scrubbing centers distributed all around the world and are inspecting and cleaning the traffic closer to its origin, before it aggregates to a critical mass that take down the target network or even its ISP.”

Photo © Profit_Image

What’s Hot on Infosecurity Magazine?