Survey: Types of DDoS attacks on the rise due to hacktivist groups

New DDoS statistics suggest hactivist groups are to blame for an increase in the number and types of DDoS attacks across the Internet.

Distributed denial-of-service (DDoS) attacks are on the rise, mainly from hacktivism-driven attackers with idealistic motives or merely a desire to wreak havoc.

If the application attack succeeds, it might be able to keep the application down for a longer time because the victims will be working on fixing the volumetric attacks first.

Darren Anstee
Arbor Networks

That conclusion about DDoS trends comes from a survey by DDoS-mitigation vendor Arbor Networks, conducted between October 2010 and November 2011 among 114 large service providers and enterprises from around the world.

According to the survey report, which was published this week, 91% of respondents experienced at least one DDoS attack per month in 2011 (up from 76% in 2010); 44% experienced 10 or more attacks (up from 35% in 2010); and 22% experienced more than 50 attacks per month in 2011.

Unsurprisingly, in the year that saw major attacks carried out by hacktivist groups such as Anonymous and LulzSec, the organisations polled rated hacktivism and vandalism as the top motives for DDoS attacks.

Looking at the type of DDoS attacks, Arbor Networks found attackers are managing to generate even greater levels of traffic to fire at organisations, consuming their network bandwidth, and causing their performance to degrade or fail. These high-bandwidth attacks are becoming the norm, with 40% of respondents reporting attacks greater than 1 Gbps and 13% suffering attacks greater than 10 Gbps. Some had reached 100 Gbps.

The findings also showed a rise in the number of application-level attacks, as well as those using multiple attack vectors. Darren Anstee, EMEA solutions architect for Arbor Networks, said this revealed a growing sophistication amongst the hacker community.

"It's worrying that we are seeing more application-layer attacks against Web services and Internet Relay Chat (IRC)," he said."The key issue is these attacks can be very effective at lower traffic rates and with smaller numbers of hosts involved. They can also be protocol-conformant, which means they don't get picked up by an intrusion detection and prevention system. It can be difficult to mitigate."

Anstee added that hackers may also use a combination of DDoS attack methods, launching brute force "volumetric" attacks and at the same time launching an attack against an application. "This makes it more likely they will bring the service or customer down, and if the application attack succeeds, it might be able to keep the application down for a longer time because the victims will be working on fixing the volumetric attacks first," he said.

With ideology and vandalism driving so many attackers, this increases the likelihood of any organisation becoming a victim, Anstee said. For instance, companies supplying or dealing with organisations that have incurred the anger of certain groups -- which could be for political or religious reasons or because the company is involved in contentious industries such as tobacco or animal research -- could suddenly find themselves becoming a target.

However, some more traditional reasons for DDoS attacks were still featured in the survey results, with 29% of respondents saying online gaming was a major target, and 25% saying it was criminals showing off their capabilities, either to prospective customers or to victims. In some parts of the world, notably the Far East, DDoS is regularly used as a weapon for disrupting a rival's business.

"It's almost a part of doing business in the Asia-Pacific region," Anstee said, "although it is less common in Western Europe."

The Arbor Networks report also registered a small number of DDoS attacks against IPv6-based services, but concluded that at this stage the criminals are not seeing IPv6-based services as major targets.

Read more on Hackers and cybercrime prevention