DDoS attacks starting to resemble APTs, warns Imperva

Like advanced persistent threats (APTs), many distributed denial of service (DDoS) attacks are characterised by long durations, repetition and changing attack vectors

Distributed denial of service (DDoS) attacks are beginning to resemble advanced persistent threats (APTs), according to Imperva’s Q2 2015 Global DDoS Trends Report.

The report is based on more than 3,000 mitigated DDoS attacks against organisations, from 1 March to 7 May 2015.

Like APTs, many of these DDoS attacks were characterised by long durations, repetition and changing attack vectors aimed at evading simple, signature-based defence systems.

During the research period, 71% of all network layer attacks lasted under three hours; and over 20% lasted for more than five days.

The longest attack seen during the research period was 64 days, with many other sustained attempts to bring down websites.

Once targeted by an application layer attack, a website will likely be attacked again once every 10 days on average. Some 17% of sites were attacked more than five times; 10% attacked more than 10 times; and several sites were attacked every day, during the 72-day research period.

Botnet hire costs drop

The report highlighted inexpensive botnet-for-hire services used to perpetrate attacks.

With these tools costing as little as $19.99 a month and available for online purchase using Bitcoin, the report said the barrier to mounting such attacks has dropped significantly.

Short, single-vector attacks associated with botnet-for-hire services accounted for approximately 40% of all network layer attacks during the research period.

“Compared to just a few years ago, the frequency, sophistication and duration of attacks have noticeably increased,” said Marc Gaffan, general manager for the Incapsula service at Imperva.

“Professional hackers are mounting advanced attacks that are now resembling advanced persistent threats. We believe that this increased sophistication is due to attackers studying how DDoS mitigation solutions detect and block attacks and implementing new techniques to attempt to bypass them,” said Gaffan.

“As a result, it’s important for enterprises of all sizes to understand the risks DDoS attacks pose and create a readiness plan.”

In May 2015, it emerged that a gang using DDoS attacks to extort bitcoins had begun targeting high-profile organisations in key sectors in Europe, prompting government advisories.

This is in line with the trend of criminal gangs repurposing DDoS attacks initially intended to knock organisations offline by flooding them with network traffic.

But cyber criminals are increasingly using DDoS attacks as a smokescreen to hide other activities, such as stealing data or money, and for extortion.

Extortion gang DD4BC (DDoS for bitcoins) looks set to take this form of attack to a new level, threatening financial and energy sector firms with unprecedented volumes of malicious traffic.
