DDoS attacks grew in size, threats became more complex, Q3 reports say

The third quarter of 2014 was peppered with distributed denial-of-service (DDoS) attacks and threats from the Bash bug and advanced persistent threats, according to a trio of recently released reports.

The "Verisign Distributed Denial of Service Trends Report Q3 2014" revealed that the number of DDoS attacks 10 Mbps or above increased 38 percent over the second quarter to account for more than 20 percent of all attacks. The report noted that attackers were persistent in their attempts to attack their targets, hitting them on average more than three separate times.

Media and entertainment were the most targeted industry during the quarter, racking up more than 50 percent of all mitigation activity, Verisign's research showed.

The number of attacks in the 10 Gbps and above category grew by 38 percent from Q2 to represent more than 20 percent of all attacks in Q3. The average attack size declined by 48 percent — not surprising since Q2 was marked by a high frequency of massive attacks. Taking those very large attacks out of the equation, though, meant that the Q3 average attack size was 40 percent larger than in Q2.

But a similar report from Black Lotus showed a downtick in both the size and frequency of DDoS attacks — the company's customers saw an 87 percent drop in bit volume attacks. Black Lotus' "Q3 2014 Threat Report" attributed the decline to attackers favoring more complex attacks, such as SYN floods and application layer attacks, rather than amplification attacks.

In fact, of the 58 percent of the 255,564 attacks considered severe in the quarter, almost half were SYN flood attacks. And 15 percent were aimed at web servers and domain name services (DNS) and caused site outages. Those attacks, Black Lotus said, are difficult to mitigate without the aid of professionals.

“Rather than using volumetric attacks to overwhelm servers, organizations should be wary of cyberattackers targeting crucial ports to thwart legitimate traffic from reaching online destinations,” the report warned.

Increasingly, DDoS attacks are originating in Vietnam, India and Indonesia, which will represent the up-and-comers of 2015, Black Lotus said, but in Q2, China dominated, with the U.S. and Russia in the second- and third-place slots.

Threats in Q3 didn't come exclusively from DDoS attacks, of course. A blog post detailing the "IT Threat Evolution Q3 2014" from Kaspersky Lab noted that the emergence of Shellshock “loomed menacingly over the entire Q3.” 

The post said “everything else seems pallid by comparison” to the Bash bug and Heartbleed, which made its mark earlier in the year.

But the researchers warned against disregarding other threats, which included Crouching Yeti/Energetic Bear, Epic Turla APT campaigns, “a significant increase in the number of malicious attacks (of various kinds), and a burst of mobile banking Trojans.”

Kaspersky revealed a 33.1 percent increase in malicious attacks that were “blocked on the computers and mobile devices” of the company's users.

In addition, 31 percent more unique URLs triggered web anti-virus detections and the number of mobile malware samples that were added to the security firm's collection jumped by 14.4 percent. 

A 3.4 percent uptick in mobile banking Trojans was noted and the number of countries in which those Trojans were detected doubled.
