SlideShare a Scribd company logo

DDoS threat landscape report

Bee_Ware
Bee_Ware

This document summarizes DDoS threat trends from 2013 to early 2014 based on attacks seen by Incapsula. Key findings include: - 81% of network attacks in the last 90 days used multiple vectors simultaneously, with over a third employing 3 or more vectors. This multi-vector approach allows attackers to bypass defenses. - Large SYN floods combined with regular SYN floods ("SYN combo attacks") accounted for around 75% of large-scale network attacks above 20Gbps. - NTP amplification attacks increased significantly in early 2014 and became the most common vector for large attacks in February 2014. - Application layer attacks increased 240% from 2013, with over half originating from India, China, and Iran

TechnologyNews & Politics
1 of 12
Download to read offline
DDoS Threat Landscape Report 2013-2014 +1 (866) 250-7659 info@incapsula.com
Introduction This report was originally intended to be a 2013 DDoS trends report. However, due to the significant DDoS events in January and February of 2014, we have extended the scope of this report to also include the last 90 days. We believe that the trends discovered during this period, in particular, are essential in order to accurately portray the current state of today’s DDoS threat landscape. The findings below are based on hundreds of attacks perpetrated against websites using Incapsula’s DDoS Mitigation service and include the latest Network (Layers 3 & 4) and Application (Layer 7) DDoS trends. We believe that these attacks are a fair representation of the overall DDoS threat landscape and lend valuable insight into the current challenges facing the DDoS protection industry. Incapsula 2013-2014 DDoS Threat Landscape Report +1 (866) 250-7659 info@incapsula.com Research Methodology The 2013-2014 trending graphs are based on peak attack volumes and notable DDoS events recorded over this period. Network (Layers 3 & 4) DDoS attack volumes are measured in Gbps (Gigabits per second); Application (Layer 7) peak attack volumes are measured in MRpm (Millions of Requests per minute). The last 90-days data was collected from November 30, 2013 to February 27, 2014. The network DDoS trending information is based on 237 network DDoS attacks that exceeded 5Gbps, targeting websites on Incapsula's network. Information about the Application (Layer 7) DDoS attacks is based on records of over 154 million unique DDoS bot sessions on Incapsula’s network during this period. (Read more about Incapsula’s bot classification techniques.) At a Glance: Network (Layer 3 & 4) DDoS Attacks • Large SYN Floods account for 51.5% of all large-scale attacks • Almost one in every three attacks is above 20Gbps • 81% of attacks are multi-vector threats • Normal SYN flood & Large SYN flood combo is the most popular multi-vector attack (75%) • NTP reflection was the most common large-scale attack method in February 2014 Application (Layer 7) DDoS Attacks • DDoS bot traffic is up by 240% • More than 25% of all Botnets are located in India, China and Iran • USA is ranked number 5 in the list of “Top 10” attacking countries • 29% of Botnets attack more than 50 targets a month • 29.9% of DDoS bots can hold cookies. • 46% of all spoofed user-agents are fake Baidu Bots (while 11.7% are fake Googlebots)
Network (Layers 3 & 4) DDoS Attacks 2013: Overview In 2013 we witnessed a rapid increase in network DDoS attack volumes, which was facilitated by the adoption of new attack methods (NTP Amplification and Large SYN floods) and also by the development of Internet and specifically cloud infrastructures. As early as February 2013 we were able to track down a single source 4Gbps attacking server, which – if amplified – could alone have generated over 200Gbps in attack traffic. With such available resources it is easy to explain the uptick in attack volume we saw over the course of the year. “Hit and Run” DDoS attacks, which were first documented in April 2013 are part of another parallel trend of attacks that were specifically designed to exploit vulnerabilities in DDoS protection services and human IT operators. These attacks, which rely on frequent short bursts of traffic, are specifically designed to exploit the weakness of services that were designed for manual triggering (e.g., GRE tunneling to DNS re-routing). Hit and Run attacks are now changing the face of anti-DDoS industry, pushing it towards “Always On” integrated solutions. Introduction Research Methodology Network DDoS Attacks 2013: Overview 2014: Emerging Trends - Multi-Vector Threats - Attack Type Facilitates Growth - Weapn of Choice - NTP DDoS is on the Rise Application DDoS Attack 2013: Overview 2014: Emerging Trends - Botnet Geo-Locations - “Shared Botnets” - Bots are Evolving - Common Spoofed User-Agents Looking Forward Incapsula 2013-2014 DDoS Threat Landscape Report 200 160 120 80 40 0 Gigabits/second 100Gbps DDoS blocked. Volumes continue to grow.+60Gbps DDoS attacks, at least once a week. NTP Amp. attacks increase. Biggest one reaching 180Gbps. First “Hit and Run” DDoS noted. Many more to come... 4Gbps DDoS Cannon spotted. Jan2013 Feb2013 Mar2013 Apr2013 May2013 Jun2013 Jul2013 Aug2013 Sep2013 Oct2013 Nov2013 Dec2013 Jan2014 Feb2014 +1 (866) 250-7659 info@incapsula.com
The vast majority of network (Layers 3 & 4) DDoS attacks rely on multi-vector offensive tactics. Figures show that in the last 90 days, 81% of all network attacks employed at least two different attack methods, with almost 39% using three or more different attack methods simultaneously. Multi-vector tactics increase the attacker’s chance of success by targeting several different networking or infrastructure resources. Combinations of different offensive techniques are also often used to create “smokescreen” effects, where one attack is used to create noise, diverting attention from another attack vector. Moreover, multi-vector methods enable attackers to exploit holes in a target’s security perimeter, causing conflicts in automated security rules and spreading confusion among human operators. Finally, multi-vector attacks can be used for “trial and error” reconnaissance, gathering the information needed to allow future attacks to weave their way past the defender’s layers of security. Multi-Vector Attacks Facilitate Hyper Growth The nature of the latest attack trends is a good indicator of the direction in which modern network DDoS attacks are now taking. The multi-vector approach, which is already used by the vast majority of all network attacks, is a clear indication of attackers’ familiarity with current DDoS protection methods and the ways in which these methods can be bypassed and overcome. Another clue comes from the attackers’ most common “weapons of choice”: i.e., large SYN floods, NTP Amplification and DNS Amplification. 2014: Emerging Trends Over 81% of Attacks Are Multi-Vector Threats All of these vectors are used to carry out large-scale DDoS attacks, which are dangerous both due to their size and their ability to clog the network’s pipes. Incapsula 2013-2014 DDoS Threat Landscape Report Introduction Research Methodology Network DDoS Attacks 2013: Overview 2014: Emerging Trends - Multi-Vector Threats -AttackTypeFacilitatesGrowth - Weapn of Choice - NTP DDoS is on the Rise Application DDoS Attack 2013: Overview 2014: Emerging Trends - Botnet Geo-Locations - “Shared Botnets” - Bots are Evolving - Common Spoofed User-Agents Looking Forward Single Vector 19% Multi Vector 81% 3.4% 4.2% 32.1% 41.3% { 2 vectors 3 vectors 4 vectors 5 vectors Network DDoS Attacks: Distribuition by Number of Vectors +1 (866) 250-7659 info@incapsula.com
Today large scale DDoS attacks (20Gbps and above) already account for almost 33% of all network DDoS events. There is no doubt that the increasing adoption of these techniques will facilitate the growth of future volumetric network DDoS attacks, which could in turn drive an increase in investment in networking resources. Weapon of Choice: Combo SYN Flood Attacks Based on average data from the last 90 days, the most common network attack method was a combination of two types of SYN flood attacks – one using regular SYN packets and another using large SYN (above 250 bytes) packets. In this scenario, both attacks are executed at the same time, with the regular SYN packets used to exhaust server resources (e.g., CPU) and large SYN packets used to cause network saturation. Today SYN combo attacks account for ~75% of all large scale network DDoS events (attacks peaking above 20Gbps). Overall, large SYN attacks are also the single most commonly used attack vector, accounting for 26% of all network DDoS events. Incapsula 2013-2014 DDoS Threat Landscape Report Introduction Research Methodology Network DDoS Attacks 2013: Overview 2014: Emerging Trends - Multi-Vector Threats - Attack Type Facilitates Growth - Weapon of Choice - NTP DDoS is on the Rise Application DDoS Attack 2013: Overview 2014: Emerging Trends - Botnet Geo-Locations - “Shared Botnets” - Bots are Evolving - Common Spoofed User-Agents Looking Forward Total Network DDoS Attacks (by Type) Small DNS Large DNS NTP Amp. DNS Amp. Normal SYN Large SYN 14.3% 1.7% 14.8% 18.6% 24.5% 26.2% Large DDoS Attacks (by Type) NTPAmp. DNS Amp. Large SYN 13.6% 34.9% 51.5% Large DDoS (+20Gbps) Attack Ratio is almost 1/3 180 Gbps 160 Gbps 140 Gbps 120 Gbps 100 Gbps 80 Gbps 60 Gbps 40 Gbps 20 Gbps 0 Gbps Figure 1: 180Gbps NTP Amplification DDoS Attack (50Mpps) +1 (866) 250-7659 info@incapsula.com
On The Rise - NTP Amplification Attacks During January and February of 2014 a significant increase in the number of NTP Amplification attacks was noted. In fact, this reached the point where, in February, NTP Amplification attacks became the most commonly used attack vector for large scale network DDoS attacks. It is still too early to say if this points to a consistent trend or just to a temporary spike, fueled by the public attention given to the recent high profile NTP Amplification attacks. Incapsula 2013-2014 DDoS Threat Landscape Report Introduction Research Methodology Network DDoS Attacks 2013: Overview 2014: Emerging Trends - Multi-Vector Threats - Attack Type Facilitates Growth - Weapon of choice - NTP DDoS is on the Rise Application DDoS Attack 2013: Overview 2014: Emerging Trends - Botnet Geo-Locations - “Shared Botnets” - Bots are Evolving - Common Spoofed User-Agents Looking Forward Percentageofattacks Dec 2013 Jan 2014 Feb 2014 Large SYN NTP Amp. +1 (866) 250-7659 info@incapsula.com
Application (Layer 7) DDoS Attack 2013: Overview Over the course of 2013 Incapsula witnessed an evolution of Application (Layer 7) DDoS attack methods. In the first half of 2013 most application DDoS attacks were executed by relatively primitive bots, which could be thwarted with a combination of progressive challenges and signature-based security rules. However, in the second half of 2013 we began to encounter a much more complex breed of DDoS offenders, including browser-based bots which were immune to generic filtering methods and could only be stopped by a combination of customized security rules and reputation-based heuristics. The significant evolution of application DDoS tools didn’t translate into an increase in application DDoS attack volumes, which remained relatively unchanged throughout the period. This is because even a rate of 50-100 requests/second would be enough to cripple most mid-sized websites, exceeding typical capacity margins and obviating the need for increased volumes. Introduction Research Methodology Network DDoS Attacks 2013: Overview 2014: Emerging Trends - Multi-Vector Threats - Attack Type Facilitates Growth - Weapn of Choice - NTP DDoS is on the Rise Application DDoS Attack 2013: Overview 2014: Emerging Trends - Botnet Geo-Locations - “Shared Botnets” - Bots are Evolving - Common Spoofed User-Agents Looking Forward Incapsula 2013-2014 DDoS Threat Landscape Report Fake Googlebots and fake IE6 (SV1) user agents. Pushado botnet attack. Overall, 400K sources target a single client. Defending against headless browser DDoS. Advanced bots that execute JS and hold cookies.More than 5M unique malicious visits/week. More than 7M unique malicious visits/week. 16.0 14.0 12.0 10.0 8.0 6.0 4.0 2.0 0.0Jan2013 Feb2013 Mar2013 Apr2013 May2013 Jun2013 Jul2013 Aug2013 Sep2013 Oct2013 Nov2013 Dec2013 Jan2014 Feb2014 MillionsRequests/Minute +1 (866) 250-7659 info@incapsula.com
On average, Incapsula recorded over 12 million unique DDoS bot sessions on a weekly basis, which represents a 240% increase over the same period in 2013. Unlike network DDoS attacks, Layer 7 attack sources can’t hide behind spoofed IPs. Instead they resort to using Trojan infected computers, hijacked hosting environments and Internet-connected devices. Large groups of such compromised resources constitute a botnet; a remotely controlled “zombie army” that can be used for DDoS attacks and other malicious activities. IP records of application DDoS offenders help us pinpoint actual geo-locations of active DDoS botnets and the non-secure infrastructures in which they thrive. Over the past 90 days, Incapsula’s records show that over 50% of all DDoS bots came from a group of 10 countries - with India, China and Iran accounting for over 25% of all malicious traffic. 2014: Emerging Trends Locations of Botnets and Vulnerable IT Infrastructures Introduction Research Methodology Network DDoS Attacks 2013: Overview 2014: Emerging Trends - Multi-Vector Threats - Attack Type Facilitates Growth - Weapn of Choice - NTP DDoS is on the Rise Application DDoS Attack 2013: Overview 2014: Emerging Trends - Botnet Geo-Location - “Shared Botnets” - Bots are Evolving - Common Spoofed User-Agents Looking Forward Incapsula 2013-2014 DDoS Threat Landscape Report 12.00% 10.00% 8.00% 6.00% 4.00% 2.00% 0.00% 9.59% India China Iran Indonesia US Thailand Turkey Russian Vietnam Peru 9.20% 7.99% 4.29% 4.26% 4.20% 3.89% 3.45% 2.88% 2.62% Top Attack Originating Countries Figure 2: Application Layer Weekly Attack Map +1 (866) 250-7659 info@incapsula.com
Random sampling of attacking IP addresses uncovers large number of vulnerable privately-owned websites, many of which are using the WordPress CMS platform. However, it’s also not uncommon to trace the attack back to compromised servers of web hosting companies, websites of commercial organizations and educational institutions (.ac domains) or – in some cases - even government-owned assets (.org domains). The list of compromised resources also includes a wide variety of connected devices, typically CCTV surveillance devices, most of which are open to abuse through easily guessable default passwords. 29% of Botnets Attack More than 50 Targets a Month Continuous tracking of attacking IP addresses shows that DDoS botnets are being reused to attack multiple targets. On average, almost 29% of all compromised devices will attack more than 50 different targets each month, with 1.2% attacking over 200 different targets during the same period. Introduction Research Methodology Network DDoS Attacks 2013: Overview 2014: Emerging Trends - Multi-Vector Threats - Attack Type Facilitates Growth - Weapn of Choice - NTP DDoS is on the Rise Application DDoS Attack 2013: Overview 2014: Emerging Trends - Botnet Geo-Locations - “Shared Botnets” - Bots are Evolving - Common Spoofed User-Agents Looking Forward Incapsula 2013-2014 DDoS Threat Landscape Report These numbers provide an interesting glimpse at the mechanics behind “Shared Botnets”. Looking at the figures, one can clearly see that today DDoS resources are treated just like any other type of rentable infrastructure. At the same time, one can also assume that some of these resources change hands between members of the hacker community. Some even have multiple “owners”, with several "botnet shepherds" using the same compromised machine for several different purposes. In terms of proactive security, this data further validates the need for reputation-based security methods. Thus, by systematically collecting such data, one can better anticipate the intentions of a visitor, knowing that some should be treated with more suspicion than others. 60.4% 21.7% 10.8%5.9% 1.2% Less than 20 More than 20 More than 50 More than 100 More than 200 Number of Monthly Targets Per Botnet +1 (866) 250-7659 info@incapsula.com
Bots are Evolving - Developing Immunity to Cookie and JavaScript Challenges 2013 brought abundant evidence of the increased sophistication of DDoS bots and other application DDOS threats. In the fourth quarter of 2013, Incapsula reported the first encounter with browser-based DDoS bots that were able to bypass both JavaScript and Cookie challenges - the two most common methods of bot filtering. Introduction Research Methodology Network DDoS Attacks 2013: Overview 2014: Emerging Trends - Multi-Vector Threats - Attack Type Facilitates Growth - Weapn of Choice - NTP DDoS is on the Rise Application DDoS Attack 2013: Overview 2014: Emerging Trends - Botnet Geo-Locations - “Shared Botnets” - Bots are Evolving - Common Spoofed User-Agents Looking Forward Incapsula 2013-2014 DDoS Threat Landscape Report This trend continues in 2014. Overall, in almost 30% of all recorded sessions, the DDoS bots Incapsula encountered were able to accept and store cookies, while 0.8% of these bots could also execute JavaScript. This data points to the reduced efficiency of these commonly used filtering methods. Even in the case of JS challenges, where the numbers are still typically low, the mere existence of "immune" offenders hints at the evolution we expect to see in the near future. To counter these challenges, Layer 7 mitigation processes should be based on a combination of more subtle methods, which assign a contextual risk score to the visitor’s identity and behavior patterns. Furthermore, given the reuse of attacking resources, approaches that make use of reputation data are also advised. Common Spoofed User-Agents DDoS bots are designed for infiltration. To that end, spoofed user-agents are often used to bypass low-level filtering solutions, based on the assumption that these solutions will not filter out bots that identify themselves as search engine or browsers. The list below details the ten most commonly spoofed user-agents. The top five entries belong to Baidu and Googlebot impersonators and variant of Microsoft IE browsers. When combined, these appear to be responsible for almost 85% of 69.3% 0.8% 29.9% Primitive Bots Accept Cookies Can Execute JavaScript DDoS Bots’ Capabilities +1 (866) 250-7659 info@incapsula.com
all malicious DDoS bot sessions. However, it should also be noted that many DDoS offenders will employ “agentless” bots or bots with uniquely crafted headers that were not designed to mimic the signatures of other web clients. Looking at the list, one can immediately notice the prominence of “search engine mimics”. From a mitigation point of view, these represent the easiest of all application layer challenges, due to the highly predictable behavior patterns of real search engine bots as well as their predetermined points of origin. Introduction Research Methodology Network DDoS Attacks 2013: Overview 2014: Emerging Trends - Multi-Vector Threats - Attack Type Facilitates Growth - Weapn of Choice - NTP DDoS is on the Rise Application DDoS Attack 2013: Overview 2014: Emerging Trends - Botnet Geo-Locations - “Shared Botnets” - Bots are Evolving - Common Spoofed User-Agents Looking Forward Incapsula 2013-2014 DDoS Threat Landscape Report Top 10 Spoofed User-Agents Used by DDoS Bots Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html) Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Mozilla/5.0+(compatible;+Baiduspider/2.0;++http://www.baidu.com/search/spider.html) Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1) Mozilla/4.0 (compatible; MSIE 7.00; Windows NT 5.0; MyIE 3.01) Mozilla/4.0 (compatible; MSIE 8.00; Windows NT 5.0; MyIE 3.01) Mozilla/5.0 (X11; U; Linux i686; en-US; re:1.4.0) Gecko/20080808 Firefox/8.0 Mozilla/4.0 (Windows; U; Windows NT 5.1; zh-TW; rv:1.9.0.11) Mozilla/4.0 (compatible; MSIE 6.0; Windows 5.1) 33.0% 16.0% 13.0% 11.7% 10.4% 6.8% 6.5% 1.6% 0.2% 0.1% +1 (866) 250-7659 info@incapsula.com
2013 was a game-changing year for DDoS attacks, with higher-than-ever attack volumes and rapid evolution of new attack methods. Now, the perpetrators are looking to raise the stakes even higher by introducing new capabilities, many of which are specifically designed to abuse the weaknesses of traditional anti-DDoS solutions. As a result, in 2014, many IT organizations will need to re-think their security strategies to respond to latest Layer 3-4 and Layer 7 DDoS threats. In case of network DDoS threats, the escalated growth of attack volumes has already established demand for scalable cloud-based solutions. To accommodate that, we now are increasing our investments in Incapsula’s infrastructures; both to keep up with our growing customer base and buff up Incapsula’s network capacity. In Q1 2014 we’ve already activated three new datacenters which increased Incapsula’s network throughput to 630Gbps and we are committed to significantly expand on that over the course of the year. With respect to application layer DDoS, we foresee rapid evolution of intelligent traffic filtering solutions, driven by technological sopistication of current-gen DDoS bots. Today, most filtering options still rely on combinations of basic challenges, whose effectiveness is now gradually eroding. And so, it’s only a matter of time before a high-profile application layer attack will expose this issue, compelling organizations to seek better alternatives that rely on combination of challenge based and non-challenge based techniques. Incapsula is already heavily invested in developing such multi-layered mitigation solution and we are already use behavioral and reputational factors to provide context to visitors’ actions and motivations. Combined with major updated of our backbone infrastructures, these will allow us to provide comprehensive DDoS protection services, helping us clients meet both current and future challenges Introduction Research Methodology Network DDoS Attacks 2013: Overview 2014: Emerging Trends - Multi-Vector Threats - Attack Type Facilitates Growth - Weapn of Choice - NTP DDoS is on the Rise Application DDoS Attack 2013: Overview 2014: Emerging Trends - Botnet Geo-Locations - “Shared Botnets” - Bots are Evolving - Common Spoofed User-Agents Looking Forward Incapsula 2013-2014 DDoS Threat Landscape Report Looking Forward Figure 3: Incapsula’s data center deployment map. New facilities are in green. +1 (866) 250-7659 info@incapsula.com

Recommended

A survey of trends in massive ddos attacks and cloud based mitigations
A survey of trends in massive ddos attacks and cloud based mitigationsA survey of trends in massive ddos attacks and cloud based mitigations
A survey of trends in massive ddos attacks and cloud based mitigationsIJNSA Journal
 
Nexusguard d do_s_threat_report_q1_2017_en
Nexusguard d do_s_threat_report_q1_2017_enNexusguard d do_s_threat_report_q1_2017_en
Nexusguard d do_s_threat_report_q1_2017_enAndrey Apuhtin
 
Akamai security report
Akamai security reportAkamai security report
Akamai security reportHonza Beranek
 
Time line-of-ddos-campaigns-against-mit-threat-advisory
Time line-of-ddos-campaigns-against-mit-threat-advisory Time line-of-ddos-campaigns-against-mit-threat-advisory
Time line-of-ddos-campaigns-against-mit-threat-advisory Andrey Apuhtin
 
XDOSER, A BENCHMARKING TOOL FOR SYSTEM LOAD MEASUREMENT USING DENIAL OF SERVI...
XDOSER, A BENCHMARKING TOOL FOR SYSTEM LOAD MEASUREMENT USING DENIAL OF SERVI...XDOSER, A BENCHMARKING TOOL FOR SYSTEM LOAD MEASUREMENT USING DENIAL OF SERVI...
XDOSER, A BENCHMARKING TOOL FOR SYSTEM LOAD MEASUREMENT USING DENIAL OF SERVI...IJNSA Journal
 
A041201010
A041201010A041201010
A041201010ijceronline
 
2015-cloud-security-report-q2
2015-cloud-security-report-q22015-cloud-security-report-q2
2015-cloud-security-report-q2Gaurav Ahluwalia
 
akamai's [state of internet] / security
akamai's [state of internet] / securityakamai's [state of internet] / security
akamai's [state of internet] / securityThe Internet of Things
 

Recommended

A survey of trends in massive ddos attacks and cloud based mitigations
A survey of trends in massive ddos attacks and cloud based mitigationsA survey of trends in massive ddos attacks and cloud based mitigations
A survey of trends in massive ddos attacks and cloud based mitigationsIJNSA Journal
 
Nexusguard d do_s_threat_report_q1_2017_en
Nexusguard d do_s_threat_report_q1_2017_enNexusguard d do_s_threat_report_q1_2017_en
Nexusguard d do_s_threat_report_q1_2017_enAndrey Apuhtin
 
Akamai security report
Akamai security reportAkamai security report
Akamai security reportHonza Beranek
 
Time line-of-ddos-campaigns-against-mit-threat-advisory
Time line-of-ddos-campaigns-against-mit-threat-advisory Time line-of-ddos-campaigns-against-mit-threat-advisory
Time line-of-ddos-campaigns-against-mit-threat-advisory Andrey Apuhtin
 
XDOSER, A BENCHMARKING TOOL FOR SYSTEM LOAD MEASUREMENT USING DENIAL OF SERVI...
XDOSER, A BENCHMARKING TOOL FOR SYSTEM LOAD MEASUREMENT USING DENIAL OF SERVI...XDOSER, A BENCHMARKING TOOL FOR SYSTEM LOAD MEASUREMENT USING DENIAL OF SERVI...
XDOSER, A BENCHMARKING TOOL FOR SYSTEM LOAD MEASUREMENT USING DENIAL OF SERVI...IJNSA Journal
 
A041201010
A041201010A041201010
A041201010ijceronline
 
2015-cloud-security-report-q2
2015-cloud-security-report-q22015-cloud-security-report-q2
2015-cloud-security-report-q2Gaurav Ahluwalia
 
akamai's [state of internet] / security
akamai's [state of internet] / securityakamai's [state of internet] / security
akamai's [state of internet] / securityThe Internet of Things
 
A ROBUST MECHANISM FOR DEFENDING DISTRIBUTED DENIAL OF SERVICE ATTACKS ON WEB...
A ROBUST MECHANISM FOR DEFENDING DISTRIBUTED DENIAL OF SERVICE ATTACKS ON WEB...A ROBUST MECHANISM FOR DEFENDING DISTRIBUTED DENIAL OF SERVICE ATTACKS ON WEB...
A ROBUST MECHANISM FOR DEFENDING DISTRIBUTED DENIAL OF SERVICE ATTACKS ON WEB...IJNSA Journal
 
Whitepaper on DDoS Mitigation
Whitepaper on DDoS MitigationWhitepaper on DDoS Mitigation
Whitepaper on DDoS MitigationGaurav Bhatia
 
TECHNICAL WHITE PAPER: The Continued rise of DDoS Attacks
TECHNICAL WHITE PAPER: The Continued rise of DDoS AttacksTECHNICAL WHITE PAPER: The Continued rise of DDoS Attacks
TECHNICAL WHITE PAPER: The Continued rise of DDoS AttacksSymantec
 
Midyear security-report-2016
Midyear security-report-2016Midyear security-report-2016
Midyear security-report-2016Andrey Apuhtin
 
Infoblox White Paper - Top Five DNS Security Attack Risks and How to Avoid Them
Infoblox White Paper - Top Five DNS Security Attack Risks and How to Avoid ThemInfoblox White Paper - Top Five DNS Security Attack Risks and How to Avoid Them
Infoblox White Paper - Top Five DNS Security Attack Risks and How to Avoid ThemJennifer Nichols
 
DNS Security Threats and Solutions
DNS Security Threats and SolutionsDNS Security Threats and Solutions
DNS Security Threats and SolutionsInnoTech
 
IP Traceback for Flooding attacks on Internet Threat Monitors (ITM ) Using Ho...
IP Traceback for Flooding attacks on Internet Threat Monitors (ITM ) Using Ho...IP Traceback for Flooding attacks on Internet Threat Monitors (ITM ) Using Ho...
IP Traceback for Flooding attacks on Internet Threat Monitors (ITM ) Using Ho...IJNSA Journal
 
Enhancing the impregnability of linux servers
Enhancing the impregnability of linux serversEnhancing the impregnability of linux servers
Enhancing the impregnability of linux serversIJNSA Journal
 
Cloudshield_DNS Tips_032014
Cloudshield_DNS Tips_032014Cloudshield_DNS Tips_032014
Cloudshield_DNS Tips_032014Laura L. Adams
 
KHNOG 3: DDoS Attack Prevention
KHNOG 3: DDoS Attack PreventionKHNOG 3: DDoS Attack Prevention
KHNOG 3: DDoS Attack PreventionAPNIC
 
Dns security threats and solutions
Dns security threats and solutionsDns security threats and solutions
Dns security threats and solutionsFrank Victory
 
PALO ALTO -NETWORKS Application Usage & Threat Report 2014
PALO ALTO -NETWORKS Application Usage & Threat Report 2014PALO ALTO -NETWORKS Application Usage & Threat Report 2014
PALO ALTO -NETWORKS Application Usage & Threat Report 2014Marcello Marchesini
 
Augmented split –protocol; an ultimate d do s defender
Augmented split –protocol; an ultimate d do s defenderAugmented split –protocol; an ultimate d do s defender
Augmented split –protocol; an ultimate d do s defenderijcsa
 
Advanced DNS Protection
Advanced DNS ProtectionAdvanced DNS Protection
Advanced DNS ProtectionSrikrupa Srivatsan
 
Why Federal Systems are Immune from Ransomware...& other Grim Fairy Tales)
Why Federal Systems are Immune from Ransomware...& other Grim Fairy Tales)Why Federal Systems are Immune from Ransomware...& other Grim Fairy Tales)
Why Federal Systems are Immune from Ransomware...& other Grim Fairy Tales)BeyondTrust
 
Case Study: Q2 2014 Global DDoS Attack Report | Akamai Document
Case Study: Q2 2014 Global DDoS Attack Report | Akamai DocumentCase Study: Q2 2014 Global DDoS Attack Report | Akamai Document
Case Study: Q2 2014 Global DDoS Attack Report | Akamai DocumentProlexic
 
Are you ready for the next attack? Reviewing the SP Security Checklist
Are you ready for the next attack? Reviewing the SP Security ChecklistAre you ready for the next attack? Reviewing the SP Security Checklist
Are you ready for the next attack? Reviewing the SP Security ChecklistMyNOG
 
Infoblox - turning DNS from security target to security tool
Infoblox - turning DNS from security target to security toolInfoblox - turning DNS from security target to security tool
Infoblox - turning DNS from security target to security toolJisc
 
Trias politika
Trias politikaTrias politika
Trias politikaputridiyani
 
Lebron Edwin: Technology Zombies
Lebron Edwin: Technology ZombiesLebron Edwin: Technology Zombies
Lebron Edwin: Technology Zombiesemlebron
 
WK2 Project: Storyboard
WK2 Project: StoryboardWK2 Project: Storyboard
WK2 Project: StoryboardPatrick James Green
 
Work incentives
Work incentivesWork incentives
Work incentivesOlli Kärkkäinen
 

More Related Content

What's hot

A ROBUST MECHANISM FOR DEFENDING DISTRIBUTED DENIAL OF SERVICE ATTACKS ON WEB...
A ROBUST MECHANISM FOR DEFENDING DISTRIBUTED DENIAL OF SERVICE ATTACKS ON WEB...A ROBUST MECHANISM FOR DEFENDING DISTRIBUTED DENIAL OF SERVICE ATTACKS ON WEB...
A ROBUST MECHANISM FOR DEFENDING DISTRIBUTED DENIAL OF SERVICE ATTACKS ON WEB...IJNSA Journal
 
Whitepaper on DDoS Mitigation
Whitepaper on DDoS MitigationWhitepaper on DDoS Mitigation
Whitepaper on DDoS MitigationGaurav Bhatia
 
TECHNICAL WHITE PAPER: The Continued rise of DDoS Attacks
TECHNICAL WHITE PAPER: The Continued rise of DDoS AttacksTECHNICAL WHITE PAPER: The Continued rise of DDoS Attacks
TECHNICAL WHITE PAPER: The Continued rise of DDoS AttacksSymantec
 
Midyear security-report-2016
Midyear security-report-2016Midyear security-report-2016
Midyear security-report-2016Andrey Apuhtin
 
Infoblox White Paper - Top Five DNS Security Attack Risks and How to Avoid Them
Infoblox White Paper - Top Five DNS Security Attack Risks and How to Avoid ThemInfoblox White Paper - Top Five DNS Security Attack Risks and How to Avoid Them
Infoblox White Paper - Top Five DNS Security Attack Risks and How to Avoid ThemJennifer Nichols
 
DNS Security Threats and Solutions
DNS Security Threats and SolutionsDNS Security Threats and Solutions
DNS Security Threats and SolutionsInnoTech
 
IP Traceback for Flooding attacks on Internet Threat Monitors (ITM ) Using Ho...
IP Traceback for Flooding attacks on Internet Threat Monitors (ITM ) Using Ho...IP Traceback for Flooding attacks on Internet Threat Monitors (ITM ) Using Ho...
IP Traceback for Flooding attacks on Internet Threat Monitors (ITM ) Using Ho...IJNSA Journal
 
Enhancing the impregnability of linux servers
Enhancing the impregnability of linux serversEnhancing the impregnability of linux servers
Enhancing the impregnability of linux serversIJNSA Journal
 
Cloudshield_DNS Tips_032014
Cloudshield_DNS Tips_032014Cloudshield_DNS Tips_032014
Cloudshield_DNS Tips_032014Laura L. Adams
 
KHNOG 3: DDoS Attack Prevention
KHNOG 3: DDoS Attack PreventionKHNOG 3: DDoS Attack Prevention
KHNOG 3: DDoS Attack PreventionAPNIC
 
Dns security threats and solutions
Dns security threats and solutionsDns security threats and solutions
Dns security threats and solutionsFrank Victory
 
PALO ALTO -NETWORKS Application Usage & Threat Report 2014
PALO ALTO -NETWORKS Application Usage & Threat Report 2014PALO ALTO -NETWORKS Application Usage & Threat Report 2014
PALO ALTO -NETWORKS Application Usage & Threat Report 2014Marcello Marchesini
 
Augmented split –protocol; an ultimate d do s defender
Augmented split –protocol; an ultimate d do s defenderAugmented split –protocol; an ultimate d do s defender
Augmented split –protocol; an ultimate d do s defenderijcsa
 
Why Federal Systems are Immune from Ransomware...& other Grim Fairy Tales)
Why Federal Systems are Immune from Ransomware...& other Grim Fairy Tales)Why Federal Systems are Immune from Ransomware...& other Grim Fairy Tales)
Why Federal Systems are Immune from Ransomware...& other Grim Fairy Tales)BeyondTrust
 
Case Study: Q2 2014 Global DDoS Attack Report | Akamai Document
Case Study: Q2 2014 Global DDoS Attack Report | Akamai DocumentCase Study: Q2 2014 Global DDoS Attack Report | Akamai Document
Case Study: Q2 2014 Global DDoS Attack Report | Akamai DocumentProlexic
 
Are you ready for the next attack? Reviewing the SP Security Checklist
Are you ready for the next attack? Reviewing the SP Security ChecklistAre you ready for the next attack? Reviewing the SP Security Checklist
Are you ready for the next attack? Reviewing the SP Security ChecklistMyNOG
 
Infoblox - turning DNS from security target to security tool
Infoblox - turning DNS from security target to security toolInfoblox - turning DNS from security target to security tool
Infoblox - turning DNS from security target to security toolJisc
 

What's hot (18)

A ROBUST MECHANISM FOR DEFENDING DISTRIBUTED DENIAL OF SERVICE ATTACKS ON WEB...
A ROBUST MECHANISM FOR DEFENDING DISTRIBUTED DENIAL OF SERVICE ATTACKS ON WEB...A ROBUST MECHANISM FOR DEFENDING DISTRIBUTED DENIAL OF SERVICE ATTACKS ON WEB...
A ROBUST MECHANISM FOR DEFENDING DISTRIBUTED DENIAL OF SERVICE ATTACKS ON WEB...
 
Whitepaper on DDoS Mitigation
Whitepaper on DDoS MitigationWhitepaper on DDoS Mitigation
Whitepaper on DDoS Mitigation
 
TECHNICAL WHITE PAPER: The Continued rise of DDoS Attacks
TECHNICAL WHITE PAPER: The Continued rise of DDoS AttacksTECHNICAL WHITE PAPER: The Continued rise of DDoS Attacks
TECHNICAL WHITE PAPER: The Continued rise of DDoS Attacks
 
Midyear security-report-2016
Midyear security-report-2016Midyear security-report-2016
Midyear security-report-2016
 
Infoblox White Paper - Top Five DNS Security Attack Risks and How to Avoid Them
Infoblox White Paper - Top Five DNS Security Attack Risks and How to Avoid ThemInfoblox White Paper - Top Five DNS Security Attack Risks and How to Avoid Them
Infoblox White Paper - Top Five DNS Security Attack Risks and How to Avoid Them
 
DNS Security Threats and Solutions
DNS Security Threats and SolutionsDNS Security Threats and Solutions
DNS Security Threats and Solutions
 
IP Traceback for Flooding attacks on Internet Threat Monitors (ITM ) Using Ho...
IP Traceback for Flooding attacks on Internet Threat Monitors (ITM ) Using Ho...IP Traceback for Flooding attacks on Internet Threat Monitors (ITM ) Using Ho...
IP Traceback for Flooding attacks on Internet Threat Monitors (ITM ) Using Ho...
 
Enhancing the impregnability of linux servers
Enhancing the impregnability of linux serversEnhancing the impregnability of linux servers
Enhancing the impregnability of linux servers
 
Cloudshield_DNS Tips_032014
Cloudshield_DNS Tips_032014Cloudshield_DNS Tips_032014
Cloudshield_DNS Tips_032014
 
KHNOG 3: DDoS Attack Prevention
KHNOG 3: DDoS Attack PreventionKHNOG 3: DDoS Attack Prevention
KHNOG 3: DDoS Attack Prevention
 
Dns security threats and solutions
Dns security threats and solutionsDns security threats and solutions
Dns security threats and solutions
 
PALO ALTO -NETWORKS Application Usage & Threat Report 2014
PALO ALTO -NETWORKS Application Usage & Threat Report 2014PALO ALTO -NETWORKS Application Usage & Threat Report 2014
PALO ALTO -NETWORKS Application Usage & Threat Report 2014
 
Augmented split –protocol; an ultimate d do s defender
Augmented split –protocol; an ultimate d do s defenderAugmented split –protocol; an ultimate d do s defender
Augmented split –protocol; an ultimate d do s defender
 
Advanced DNS Protection
Advanced DNS ProtectionAdvanced DNS Protection
Advanced DNS Protection
 
Why Federal Systems are Immune from Ransomware...& other Grim Fairy Tales)
Why Federal Systems are Immune from Ransomware...& other Grim Fairy Tales)Why Federal Systems are Immune from Ransomware...& other Grim Fairy Tales)
Why Federal Systems are Immune from Ransomware...& other Grim Fairy Tales)
 
Case Study: Q2 2014 Global DDoS Attack Report | Akamai Document
Case Study: Q2 2014 Global DDoS Attack Report | Akamai DocumentCase Study: Q2 2014 Global DDoS Attack Report | Akamai Document
Case Study: Q2 2014 Global DDoS Attack Report | Akamai Document
 
Are you ready for the next attack? Reviewing the SP Security Checklist
Are you ready for the next attack? Reviewing the SP Security ChecklistAre you ready for the next attack? Reviewing the SP Security Checklist
Are you ready for the next attack? Reviewing the SP Security Checklist
 
Infoblox - turning DNS from security target to security tool
Infoblox - turning DNS from security target to security toolInfoblox - turning DNS from security target to security tool
Infoblox - turning DNS from security target to security tool
 

Viewers also liked

Lebron Edwin: Technology Zombies
Lebron Edwin: Technology ZombiesLebron Edwin: Technology Zombies
Lebron Edwin: Technology Zombiesemlebron
 
2013 global encryption trends study
2013 global encryption trends study2013 global encryption trends study
2013 global encryption trends studyBee_Ware
 
ใบงาน แบบสำรวจและประวัติของ นาย พชร แก้วพนมพร
ใบงาน แบบสำรวจและประวัติของ นาย พชร แก้วพนมพรใบงาน แบบสำรวจและประวัติของ นาย พชร แก้วพนมพร
ใบงาน แบบสำรวจและประวัติของ นาย พชร แก้วพนมพรMark Mad
 
Website security statistics of 2012
Website security statistics of 2012Website security statistics of 2012
Website security statistics of 2012Bee_Ware
 
เครือข่ายคอมพิวเตอร์
เครือข่ายคอมพิวเตอร์เครือข่ายคอมพิวเตอร์
เครือข่ายคอมพิวเตอร์Z'lovebie Ming
 
Websense security prediction 2014
Websense security prediction 2014Websense security prediction 2014
Websense security prediction 2014Bee_Ware
 
Infographic: Dementia Toolkit
Infographic: Dementia ToolkitInfographic: Dementia Toolkit
Infographic: Dementia ToolkitTracy Steel
 
ใบงานที่ 2 เรื่อง ความหมายและความสำคัญของโครงงาน
ใบงานที่ 2 เรื่อง ความหมายและความสำคัญของโครงงานใบงานที่ 2 เรื่อง ความหมายและความสำคัญของโครงงาน
ใบงานที่ 2 เรื่อง ความหมายและความสำคัญของโครงงานMark Mad
 
To byod or not to byod
To byod or not to byodTo byod or not to byod
To byod or not to byodBee_Ware
 
Technology integration
Technology integrationTechnology integration
Technology integrationbriggsad
 
2013 cost of data breach study - Global analysis
2013 cost of data breach study - Global analysis2013 cost of data breach study - Global analysis
2013 cost of data breach study - Global analysisBee_Ware
 

Viewers also liked (20)

Trias politika
Trias politikaTrias politika
Trias politika
 
Lebron Edwin: Technology Zombies
Lebron Edwin: Technology ZombiesLebron Edwin: Technology Zombies
Lebron Edwin: Technology Zombies
 
WK2 Project: Storyboard
WK2 Project: StoryboardWK2 Project: Storyboard
WK2 Project: Storyboard
 
Work incentives
Work incentivesWork incentives
Work incentives
 
2013 global encryption trends study
2013 global encryption trends study2013 global encryption trends study
2013 global encryption trends study
 
ใบงาน แบบสำรวจและประวัติของ นาย พชร แก้วพนมพร
ใบงาน แบบสำรวจและประวัติของ นาย พชร แก้วพนมพรใบงาน แบบสำรวจและประวัติของ นาย พชร แก้วพนมพร
ใบงาน แบบสำรวจและประวัติของ นาย พชร แก้วพนมพร
 
Website security statistics of 2012
Website security statistics of 2012Website security statistics of 2012
Website security statistics of 2012
 
เครือข่ายคอมพิวเตอร์
เครือข่ายคอมพิวเตอร์เครือข่ายคอมพิวเตอร์
เครือข่ายคอมพิวเตอร์
 
ฟอร มโครงร างโครงงานคอมพ_วเตอร_
ฟอร มโครงร างโครงงานคอมพ_วเตอร_ฟอร มโครงร างโครงงานคอมพ_วเตอร_
ฟอร มโครงร างโครงงานคอมพ_วเตอร_
 
Websense security prediction 2014
Websense security prediction 2014Websense security prediction 2014
Websense security prediction 2014
 
Vivarana literature survey
Vivarana literature surveyVivarana literature survey
Vivarana literature survey
 
Infographic: Dementia Toolkit
Infographic: Dementia ToolkitInfographic: Dementia Toolkit
Infographic: Dementia Toolkit
 
Untitled Presentation
Untitled PresentationUntitled Presentation
Untitled Presentation
 
ใบงานที่ 2 เรื่อง ความหมายและความสำคัญของโครงงาน
ใบงานที่ 2 เรื่อง ความหมายและความสำคัญของโครงงานใบงานที่ 2 เรื่อง ความหมายและความสำคัญของโครงงาน
ใบงานที่ 2 เรื่อง ความหมายและความสำคัญของโครงงาน
 
To byod or not to byod
To byod or not to byodTo byod or not to byod
To byod or not to byod
 
Erreportajea dna
Erreportajea dnaErreportajea dna
Erreportajea dna
 
Intro
IntroIntro
Intro
 
Technology integration
Technology integrationTechnology integration
Technology integration
 
NDO
NDONDO
NDO
 
2013 cost of data breach study - Global analysis
2013 cost of data breach study - Global analysis2013 cost of data breach study - Global analysis
2013 cost of data breach study - Global analysis
 

Similar to DDoS threat landscape report

A SURVEY OF TRENDS IN MASSIVE DDOS ATTACKS AND CLOUD-BASED MITIGATIONS
A SURVEY OF TRENDS IN MASSIVE DDOS ATTACKS AND CLOUD-BASED MITIGATIONSA SURVEY OF TRENDS IN MASSIVE DDOS ATTACKS AND CLOUD-BASED MITIGATIONS
A SURVEY OF TRENDS IN MASSIVE DDOS ATTACKS AND CLOUD-BASED MITIGATIONSIJNSA Journal
 
A survey of trends in massive ddos attacks and cloud based mitigations
A survey of trends in massive ddos attacks and cloud based mitigationsA survey of trends in massive ddos attacks and cloud based mitigations
A survey of trends in massive ddos attacks and cloud based mitigationsIJNSA Journal
 
PASSWORD BASED SCHEME AND GROUP TESTING FOR DEFENDING DDOS ATTACKS
PASSWORD BASED SCHEME AND GROUP TESTING FOR DEFENDING DDOS ATTACKSPASSWORD BASED SCHEME AND GROUP TESTING FOR DEFENDING DDOS ATTACKS
PASSWORD BASED SCHEME AND GROUP TESTING FOR DEFENDING DDOS ATTACKSIJNSA Journal
 
PASSWORD BASED SCHEME AND GROUP TESTING FOR DEFENDING DDOS ATTACKS
PASSWORD BASED SCHEME AND GROUP TESTING FOR DEFENDING DDOS ATTACKSPASSWORD BASED SCHEME AND GROUP TESTING FOR DEFENDING DDOS ATTACKS
PASSWORD BASED SCHEME AND GROUP TESTING FOR DEFENDING DDOS ATTACKSIJNSA Journal
 
comparing-approaches-for-web-dns-infrastructure-security-white-paper
comparing-approaches-for-web-dns-infrastructure-security-white-papercomparing-approaches-for-web-dns-infrastructure-security-white-paper
comparing-approaches-for-web-dns-infrastructure-security-white-paperRenny Shen
 
Key Findings from Arbor's Tenth World-Wide Infrastructure Security Report
Key Findings from Arbor's Tenth World-Wide Infrastructure Security ReportKey Findings from Arbor's Tenth World-Wide Infrastructure Security Report
Key Findings from Arbor's Tenth World-Wide Infrastructure Security ReportAPNIC
 
A new way to prevent Botnet Attack
A new way to prevent Botnet AttackA new way to prevent Botnet Attack
A new way to prevent Botnet Attackyennhi2812
 
The role of DDoS Providers
The role of DDoS ProvidersThe role of DDoS Providers
The role of DDoS ProvidersNeil Hinton
 
ITSecurity_DDOS_Mitigation
ITSecurity_DDOS_MitigationITSecurity_DDOS_Mitigation
ITSecurity_DDOS_MitigationR. Blake Martin
 
Distributed Denial Of Service ( Ddos )
Distributed Denial Of Service ( Ddos )Distributed Denial Of Service ( Ddos )
Distributed Denial Of Service ( Ddos )Sharon Lee
 
XDOSER, A BENCHMARKING TOOL FOR SYSTEM LOAD MEASUREMENT USING DENIAL OF SERVI...
XDOSER, A BENCHMARKING TOOL FOR SYSTEM LOAD MEASUREMENT USING DENIAL OF SERVI...XDOSER, A BENCHMARKING TOOL FOR SYSTEM LOAD MEASUREMENT USING DENIAL OF SERVI...
XDOSER, A BENCHMARKING TOOL FOR SYSTEM LOAD MEASUREMENT USING DENIAL OF SERVI...IJNSA Journal
 
Network and Application Security 2017. Prediction 2017
Network and Application Security 2017. Prediction 2017Network and Application Security 2017. Prediction 2017
Network and Application Security 2017. Prediction 2017Wallarm
 
Network Security in 2016
Network Security in 2016Network Security in 2016
Network Security in 2016Qrator Labs
 
Luncheon 2015-08-20 - Multi-vector DDOS Attacks Detection and Mitigation by P...
Luncheon 2015-08-20 - Multi-vector DDOS Attacks Detection and Mitigation by P...Luncheon 2015-08-20 - Multi-vector DDOS Attacks Detection and Mitigation by P...
Luncheon 2015-08-20 - Multi-vector DDOS Attacks Detection and Mitigation by P...North Texas Chapter of the ISSA
 
IRJET- A Survey on DDOS Attack in Manet
IRJET- A Survey on DDOS Attack in ManetIRJET- A Survey on DDOS Attack in Manet
IRJET- A Survey on DDOS Attack in ManetIRJET Journal
 
IRJET- DDOS Detection System using C4.5 Decision Tree Algorithm
IRJET- DDOS Detection System using C4.5 Decision Tree AlgorithmIRJET- DDOS Detection System using C4.5 Decision Tree Algorithm
IRJET- DDOS Detection System using C4.5 Decision Tree AlgorithmIRJET Journal
 
Rio olympics ddos attack
Rio olympics ddos attackRio olympics ddos attack
Rio olympics ddos attackAnukaJinadasa
 

Similar to DDoS threat landscape report (20)

A SURVEY OF TRENDS IN MASSIVE DDOS ATTACKS AND CLOUD-BASED MITIGATIONS
A SURVEY OF TRENDS IN MASSIVE DDOS ATTACKS AND CLOUD-BASED MITIGATIONSA SURVEY OF TRENDS IN MASSIVE DDOS ATTACKS AND CLOUD-BASED MITIGATIONS
A SURVEY OF TRENDS IN MASSIVE DDOS ATTACKS AND CLOUD-BASED MITIGATIONS
 
A survey of trends in massive ddos attacks and cloud based mitigations
A survey of trends in massive ddos attacks and cloud based mitigationsA survey of trends in massive ddos attacks and cloud based mitigations
A survey of trends in massive ddos attacks and cloud based mitigations
 
PASSWORD BASED SCHEME AND GROUP TESTING FOR DEFENDING DDOS ATTACKS
PASSWORD BASED SCHEME AND GROUP TESTING FOR DEFENDING DDOS ATTACKSPASSWORD BASED SCHEME AND GROUP TESTING FOR DEFENDING DDOS ATTACKS
PASSWORD BASED SCHEME AND GROUP TESTING FOR DEFENDING DDOS ATTACKS
 
PASSWORD BASED SCHEME AND GROUP TESTING FOR DEFENDING DDOS ATTACKS
PASSWORD BASED SCHEME AND GROUP TESTING FOR DEFENDING DDOS ATTACKSPASSWORD BASED SCHEME AND GROUP TESTING FOR DEFENDING DDOS ATTACKS
PASSWORD BASED SCHEME AND GROUP TESTING FOR DEFENDING DDOS ATTACKS
 
comparing-approaches-for-web-dns-infrastructure-security-white-paper
comparing-approaches-for-web-dns-infrastructure-security-white-papercomparing-approaches-for-web-dns-infrastructure-security-white-paper
comparing-approaches-for-web-dns-infrastructure-security-white-paper
 
Key Findings from Arbor's Tenth World-Wide Infrastructure Security Report
Key Findings from Arbor's Tenth World-Wide Infrastructure Security ReportKey Findings from Arbor's Tenth World-Wide Infrastructure Security Report
Key Findings from Arbor's Tenth World-Wide Infrastructure Security Report
 
A new way to prevent Botnet Attack
A new way to prevent Botnet AttackA new way to prevent Botnet Attack
A new way to prevent Botnet Attack
 
546 220-228
546 220-228546 220-228
546 220-228
 
The role of DDoS Providers
The role of DDoS ProvidersThe role of DDoS Providers
The role of DDoS Providers
 
ITSecurity_DDOS_Mitigation
ITSecurity_DDOS_MitigationITSecurity_DDOS_Mitigation
ITSecurity_DDOS_Mitigation
 
Ix3615551559
Ix3615551559Ix3615551559
Ix3615551559
 
Distributed Denial Of Service ( Ddos )
Distributed Denial Of Service ( Ddos )Distributed Denial Of Service ( Ddos )
Distributed Denial Of Service ( Ddos )
 
XDOSER, A BENCHMARKING TOOL FOR SYSTEM LOAD MEASUREMENT USING DENIAL OF SERVI...
XDOSER, A BENCHMARKING TOOL FOR SYSTEM LOAD MEASUREMENT USING DENIAL OF SERVI...XDOSER, A BENCHMARKING TOOL FOR SYSTEM LOAD MEASUREMENT USING DENIAL OF SERVI...
XDOSER, A BENCHMARKING TOOL FOR SYSTEM LOAD MEASUREMENT USING DENIAL OF SERVI...
 
Network and Application Security 2017. Prediction 2017
Network and Application Security 2017. Prediction 2017Network and Application Security 2017. Prediction 2017
Network and Application Security 2017. Prediction 2017
 
Network Security in 2016
Network Security in 2016Network Security in 2016
Network Security in 2016
 
Luncheon 2015-08-20 - Multi-vector DDOS Attacks Detection and Mitigation by P...
Luncheon 2015-08-20 - Multi-vector DDOS Attacks Detection and Mitigation by P...Luncheon 2015-08-20 - Multi-vector DDOS Attacks Detection and Mitigation by P...
Luncheon 2015-08-20 - Multi-vector DDOS Attacks Detection and Mitigation by P...
 
IRJET- A Survey on DDOS Attack in Manet
IRJET- A Survey on DDOS Attack in ManetIRJET- A Survey on DDOS Attack in Manet
IRJET- A Survey on DDOS Attack in Manet
 
IRJET- DDOS Detection System using C4.5 Decision Tree Algorithm
IRJET- DDOS Detection System using C4.5 Decision Tree AlgorithmIRJET- DDOS Detection System using C4.5 Decision Tree Algorithm
IRJET- DDOS Detection System using C4.5 Decision Tree Algorithm
 
DDOS.pptx
DDOS.pptxDDOS.pptx
DDOS.pptx
 
Rio olympics ddos attack
Rio olympics ddos attackRio olympics ddos attack
Rio olympics ddos attack
 

More from Bee_Ware

Les francais et la protection des données personnelles
Les francais et la protection des données personnellesLes francais et la protection des données personnelles
Les francais et la protection des données personnellesBee_Ware
 
Top ten big data security and privacy challenges
Top ten big data security and privacy challengesTop ten big data security and privacy challenges
Top ten big data security and privacy challengesBee_Ware
 
Verizon 2014 pci compliance report
Verizon 2014 pci compliance reportVerizon 2014 pci compliance report
Verizon 2014 pci compliance reportBee_Ware
 
Numergy la sécurité des données dans le cloud
Numergy la sécurité des données dans le cloudNumergy la sécurité des données dans le cloud
Numergy la sécurité des données dans le cloudBee_Ware
 
Waf, le bon outil, la bonne administration
Waf, le bon outil, la bonne administration Waf, le bon outil, la bonne administration
Waf, le bon outil, la bonne administration Bee_Ware
 
Bonnes pratiques de sécurité - Kaspersky
Bonnes pratiques de sécurité - KasperskyBonnes pratiques de sécurité - Kaspersky
Bonnes pratiques de sécurité - KasperskyBee_Ware
 
Les entreprises européennes sont elles bien armées pour affronter les cyber a...
Les entreprises européennes sont elles bien armées pour affronter les cyber a...Les entreprises européennes sont elles bien armées pour affronter les cyber a...
Les entreprises européennes sont elles bien armées pour affronter les cyber a...Bee_Ware
 
Maitriser la ssi pour les systèmes industriels
Maitriser la ssi pour les systèmes industrielsMaitriser la ssi pour les systèmes industriels
Maitriser la ssi pour les systèmes industrielsBee_Ware
 
Kindsight security labs malware report - Q4 2013
Kindsight security labs malware report - Q4 2013Kindsight security labs malware report - Q4 2013
Kindsight security labs malware report - Q4 2013Bee_Ware
 
Biometrics how far are we prepared to go
Biometrics how far are we prepared to goBiometrics how far are we prepared to go
Biometrics how far are we prepared to goBee_Ware
 
Managing complexity in IAM
Managing complexity in IAMManaging complexity in IAM
Managing complexity in IAMBee_Ware
 
Les principales failles de sécurité des applications web actuelles
Les principales failles de sécurité des applications web actuellesLes principales failles de sécurité des applications web actuelles
Les principales failles de sécurité des applications web actuellesBee_Ware
 
La sécurité des Si en établissement de santé
La sécurité des Si en établissement de santéLa sécurité des Si en établissement de santé
La sécurité des Si en établissement de santéBee_Ware
 
Les 10 risques liés aux applications mobiles
Les 10 risques liés aux applications mobilesLes 10 risques liés aux applications mobiles
Les 10 risques liés aux applications mobilesBee_Ware
 
2013 Mobile Application Security Survey
2013 Mobile Application Security Survey2013 Mobile Application Security Survey
2013 Mobile Application Security SurveyBee_Ware
 
Website Security Statistics Report 2013
Website Security Statistics Report 2013Website Security Statistics Report 2013
Website Security Statistics Report 2013Bee_Ware
 
Guide de mise en oeuvre d'une authentification forte avec une cps
Guide de mise en oeuvre d'une authentification forte avec une cpsGuide de mise en oeuvre d'une authentification forte avec une cps
Guide de mise en oeuvre d'une authentification forte avec une cpsBee_Ware
 
Clusif le role de l'organisation humaine dans la ssi 2013
Clusif le role de l'organisation humaine dans la ssi 2013Clusif le role de l'organisation humaine dans la ssi 2013
Clusif le role de l'organisation humaine dans la ssi 2013Bee_Ware
 
2013 cost of data breach study - France
2013 cost of data breach study - France2013 cost of data breach study - France
2013 cost of data breach study - FranceBee_Ware
 
X force report 2013
X force report 2013X force report 2013
X force report 2013Bee_Ware
 

More from Bee_Ware (20)

Les francais et la protection des données personnelles
Les francais et la protection des données personnellesLes francais et la protection des données personnelles
Les francais et la protection des données personnelles
 
Top ten big data security and privacy challenges
Top ten big data security and privacy challengesTop ten big data security and privacy challenges
Top ten big data security and privacy challenges
 
Verizon 2014 pci compliance report
Verizon 2014 pci compliance reportVerizon 2014 pci compliance report
Verizon 2014 pci compliance report
 
Numergy la sécurité des données dans le cloud
Numergy la sécurité des données dans le cloudNumergy la sécurité des données dans le cloud
Numergy la sécurité des données dans le cloud
 
Waf, le bon outil, la bonne administration
Waf, le bon outil, la bonne administration Waf, le bon outil, la bonne administration
Waf, le bon outil, la bonne administration
 
Bonnes pratiques de sécurité - Kaspersky
Bonnes pratiques de sécurité - KasperskyBonnes pratiques de sécurité - Kaspersky
Bonnes pratiques de sécurité - Kaspersky
 
Les entreprises européennes sont elles bien armées pour affronter les cyber a...
Les entreprises européennes sont elles bien armées pour affronter les cyber a...Les entreprises européennes sont elles bien armées pour affronter les cyber a...
Les entreprises européennes sont elles bien armées pour affronter les cyber a...
 
Maitriser la ssi pour les systèmes industriels
Maitriser la ssi pour les systèmes industrielsMaitriser la ssi pour les systèmes industriels
Maitriser la ssi pour les systèmes industriels
 
Kindsight security labs malware report - Q4 2013
Kindsight security labs malware report - Q4 2013Kindsight security labs malware report - Q4 2013
Kindsight security labs malware report - Q4 2013
 
Biometrics how far are we prepared to go
Biometrics how far are we prepared to goBiometrics how far are we prepared to go
Biometrics how far are we prepared to go
 
Managing complexity in IAM
Managing complexity in IAMManaging complexity in IAM
Managing complexity in IAM
 
Les principales failles de sécurité des applications web actuelles
Les principales failles de sécurité des applications web actuellesLes principales failles de sécurité des applications web actuelles
Les principales failles de sécurité des applications web actuelles
 
La sécurité des Si en établissement de santé
La sécurité des Si en établissement de santéLa sécurité des Si en établissement de santé
La sécurité des Si en établissement de santé
 
Les 10 risques liés aux applications mobiles
Les 10 risques liés aux applications mobilesLes 10 risques liés aux applications mobiles
Les 10 risques liés aux applications mobiles
 
2013 Mobile Application Security Survey
2013 Mobile Application Security Survey2013 Mobile Application Security Survey
2013 Mobile Application Security Survey
 
Website Security Statistics Report 2013
Website Security Statistics Report 2013Website Security Statistics Report 2013
Website Security Statistics Report 2013
 
Guide de mise en oeuvre d'une authentification forte avec une cps
Guide de mise en oeuvre d'une authentification forte avec une cpsGuide de mise en oeuvre d'une authentification forte avec une cps
Guide de mise en oeuvre d'une authentification forte avec une cps
 
Clusif le role de l'organisation humaine dans la ssi 2013
Clusif le role de l'organisation humaine dans la ssi 2013Clusif le role de l'organisation humaine dans la ssi 2013
Clusif le role de l'organisation humaine dans la ssi 2013
 
2013 cost of data breach study - France
2013 cost of data breach study - France2013 cost of data breach study - France
2013 cost of data breach study - France
 
X force report 2013
X force report 2013X force report 2013
X force report 2013
 

Recently uploaded

The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfIngrid Airi González
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesThousandEyes
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Scott Andery
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...panagenda
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 

Recently uploaded (20)

The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 

DDoS threat landscape report

  • 1. DDoS Threat Landscape Report 2013-2014 +1 (866) 250-7659 info@incapsula.com
  • 2. Introduction This report was originally intended to be a 2013 DDoS trends report. However, due to the significant DDoS events in January and February of 2014, we have extended the scope of this report to also include the last 90 days. We believe that the trends discovered during this period, in particular, are essential in order to accurately portray the current state of today’s DDoS threat landscape. The findings below are based on hundreds of attacks perpetrated against websites using Incapsula’s DDoS Mitigation service and include the latest Network (Layers 3 & 4) and Application (Layer 7) DDoS trends. We believe that these attacks are a fair representation of the overall DDoS threat landscape and lend valuable insight into the current challenges facing the DDoS protection industry. Incapsula 2013-2014 DDoS Threat Landscape Report +1 (866) 250-7659 info@incapsula.com Research Methodology The 2013-2014 trending graphs are based on peak attack volumes and notable DDoS events recorded over this period. Network (Layers 3 & 4) DDoS attack volumes are measured in Gbps (Gigabits per second); Application (Layer 7) peak attack volumes are measured in MRpm (Millions of Requests per minute). The last 90-days data was collected from November 30, 2013 to February 27, 2014. The network DDoS trending information is based on 237 network DDoS attacks that exceeded 5Gbps, targeting websites on Incapsula's network. Information about the Application (Layer 7) DDoS attacks is based on records of over 154 million unique DDoS bot sessions on Incapsula’s network during this period. (Read more about Incapsula’s bot classification techniques.) At a Glance: Network (Layer 3 & 4) DDoS Attacks • Large SYN Floods account for 51.5% of all large-scale attacks • Almost one in every three attacks is above 20Gbps • 81% of attacks are multi-vector threats • Normal SYN flood & Large SYN flood combo is the most popular multi-vector attack (75%) • NTP reflection was the most common large-scale attack method in February 2014 Application (Layer 7) DDoS Attacks • DDoS bot traffic is up by 240% • More than 25% of all Botnets are located in India, China and Iran • USA is ranked number 5 in the list of “Top 10” attacking countries • 29% of Botnets attack more than 50 targets a month • 29.9% of DDoS bots can hold cookies. • 46% of all spoofed user-agents are fake Baidu Bots (while 11.7% are fake Googlebots)
  • 3. Network (Layers 3 & 4) DDoS Attacks 2013: Overview In 2013 we witnessed a rapid increase in network DDoS attack volumes, which was facilitated by the adoption of new attack methods (NTP Amplification and Large SYN floods) and also by the development of Internet and specifically cloud infrastructures. As early as February 2013 we were able to track down a single source 4Gbps attacking server, which – if amplified – could alone have generated over 200Gbps in attack traffic. With such available resources it is easy to explain the uptick in attack volume we saw over the course of the year. “Hit and Run” DDoS attacks, which were first documented in April 2013 are part of another parallel trend of attacks that were specifically designed to exploit vulnerabilities in DDoS protection services and human IT operators. These attacks, which rely on frequent short bursts of traffic, are specifically designed to exploit the weakness of services that were designed for manual triggering (e.g., GRE tunneling to DNS re-routing). Hit and Run attacks are now changing the face of anti-DDoS industry, pushing it towards “Always On” integrated solutions. Introduction Research Methodology Network DDoS Attacks 2013: Overview 2014: Emerging Trends - Multi-Vector Threats - Attack Type Facilitates Growth - Weapn of Choice - NTP DDoS is on the Rise Application DDoS Attack 2013: Overview 2014: Emerging Trends - Botnet Geo-Locations - “Shared Botnets” - Bots are Evolving - Common Spoofed User-Agents Looking Forward Incapsula 2013-2014 DDoS Threat Landscape Report 200 160 120 80 40 0 Gigabits/second 100Gbps DDoS blocked. Volumes continue to grow.+60Gbps DDoS attacks, at least once a week. NTP Amp. attacks increase. Biggest one reaching 180Gbps. First “Hit and Run” DDoS noted. Many more to come... 4Gbps DDoS Cannon spotted. Jan2013 Feb2013 Mar2013 Apr2013 May2013 Jun2013 Jul2013 Aug2013 Sep2013 Oct2013 Nov2013 Dec2013 Jan2014 Feb2014 +1 (866) 250-7659 info@incapsula.com
  • 4. The vast majority of network (Layers 3 & 4) DDoS attacks rely on multi-vector offensive tactics. Figures show that in the last 90 days, 81% of all network attacks employed at least two different attack methods, with almost 39% using three or more different attack methods simultaneously. Multi-vector tactics increase the attacker’s chance of success by targeting several different networking or infrastructure resources. Combinations of different offensive techniques are also often used to create “smokescreen” effects, where one attack is used to create noise, diverting attention from another attack vector. Moreover, multi-vector methods enable attackers to exploit holes in a target’s security perimeter, causing conflicts in automated security rules and spreading confusion among human operators. Finally, multi-vector attacks can be used for “trial and error” reconnaissance, gathering the information needed to allow future attacks to weave their way past the defender’s layers of security. Multi-Vector Attacks Facilitate Hyper Growth The nature of the latest attack trends is a good indicator of the direction in which modern network DDoS attacks are now taking. The multi-vector approach, which is already used by the vast majority of all network attacks, is a clear indication of attackers’ familiarity with current DDoS protection methods and the ways in which these methods can be bypassed and overcome. Another clue comes from the attackers’ most common “weapons of choice”: i.e., large SYN floods, NTP Amplification and DNS Amplification. 2014: Emerging Trends Over 81% of Attacks Are Multi-Vector Threats All of these vectors are used to carry out large-scale DDoS attacks, which are dangerous both due to their size and their ability to clog the network’s pipes. Incapsula 2013-2014 DDoS Threat Landscape Report Introduction Research Methodology Network DDoS Attacks 2013: Overview 2014: Emerging Trends - Multi-Vector Threats -AttackTypeFacilitatesGrowth - Weapn of Choice - NTP DDoS is on the Rise Application DDoS Attack 2013: Overview 2014: Emerging Trends - Botnet Geo-Locations - “Shared Botnets” - Bots are Evolving - Common Spoofed User-Agents Looking Forward Single Vector 19% Multi Vector 81% 3.4% 4.2% 32.1% 41.3% { 2 vectors 3 vectors 4 vectors 5 vectors Network DDoS Attacks: Distribuition by Number of Vectors +1 (866) 250-7659 info@incapsula.com
  • 5. Today large scale DDoS attacks (20Gbps and above) already account for almost 33% of all network DDoS events. There is no doubt that the increasing adoption of these techniques will facilitate the growth of future volumetric network DDoS attacks, which could in turn drive an increase in investment in networking resources. Weapon of Choice: Combo SYN Flood Attacks Based on average data from the last 90 days, the most common network attack method was a combination of two types of SYN flood attacks – one using regular SYN packets and another using large SYN (above 250 bytes) packets. In this scenario, both attacks are executed at the same time, with the regular SYN packets used to exhaust server resources (e.g., CPU) and large SYN packets used to cause network saturation. Today SYN combo attacks account for ~75% of all large scale network DDoS events (attacks peaking above 20Gbps). Overall, large SYN attacks are also the single most commonly used attack vector, accounting for 26% of all network DDoS events. Incapsula 2013-2014 DDoS Threat Landscape Report Introduction Research Methodology Network DDoS Attacks 2013: Overview 2014: Emerging Trends - Multi-Vector Threats - Attack Type Facilitates Growth - Weapon of Choice - NTP DDoS is on the Rise Application DDoS Attack 2013: Overview 2014: Emerging Trends - Botnet Geo-Locations - “Shared Botnets” - Bots are Evolving - Common Spoofed User-Agents Looking Forward Total Network DDoS Attacks (by Type) Small DNS Large DNS NTP Amp. DNS Amp. Normal SYN Large SYN 14.3% 1.7% 14.8% 18.6% 24.5% 26.2% Large DDoS Attacks (by Type) NTPAmp. DNS Amp. Large SYN 13.6% 34.9% 51.5% Large DDoS (+20Gbps) Attack Ratio is almost 1/3 180 Gbps 160 Gbps 140 Gbps 120 Gbps 100 Gbps 80 Gbps 60 Gbps 40 Gbps 20 Gbps 0 Gbps Figure 1: 180Gbps NTP Amplification DDoS Attack (50Mpps) +1 (866) 250-7659 info@incapsula.com
  • 6. On The Rise - NTP Amplification Attacks During January and February of 2014 a significant increase in the number of NTP Amplification attacks was noted. In fact, this reached the point where, in February, NTP Amplification attacks became the most commonly used attack vector for large scale network DDoS attacks. It is still too early to say if this points to a consistent trend or just to a temporary spike, fueled by the public attention given to the recent high profile NTP Amplification attacks. Incapsula 2013-2014 DDoS Threat Landscape Report Introduction Research Methodology Network DDoS Attacks 2013: Overview 2014: Emerging Trends - Multi-Vector Threats - Attack Type Facilitates Growth - Weapon of choice - NTP DDoS is on the Rise Application DDoS Attack 2013: Overview 2014: Emerging Trends - Botnet Geo-Locations - “Shared Botnets” - Bots are Evolving - Common Spoofed User-Agents Looking Forward Percentageofattacks Dec 2013 Jan 2014 Feb 2014 Large SYN NTP Amp. +1 (866) 250-7659 info@incapsula.com
  • 7. Application (Layer 7) DDoS Attack 2013: Overview Over the course of 2013 Incapsula witnessed an evolution of Application (Layer 7) DDoS attack methods. In the first half of 2013 most application DDoS attacks were executed by relatively primitive bots, which could be thwarted with a combination of progressive challenges and signature-based security rules. However, in the second half of 2013 we began to encounter a much more complex breed of DDoS offenders, including browser-based bots which were immune to generic filtering methods and could only be stopped by a combination of customized security rules and reputation-based heuristics. The significant evolution of application DDoS tools didn’t translate into an increase in application DDoS attack volumes, which remained relatively unchanged throughout the period. This is because even a rate of 50-100 requests/second would be enough to cripple most mid-sized websites, exceeding typical capacity margins and obviating the need for increased volumes. Introduction Research Methodology Network DDoS Attacks 2013: Overview 2014: Emerging Trends - Multi-Vector Threats - Attack Type Facilitates Growth - Weapn of Choice - NTP DDoS is on the Rise Application DDoS Attack 2013: Overview 2014: Emerging Trends - Botnet Geo-Locations - “Shared Botnets” - Bots are Evolving - Common Spoofed User-Agents Looking Forward Incapsula 2013-2014 DDoS Threat Landscape Report Fake Googlebots and fake IE6 (SV1) user agents. Pushado botnet attack. Overall, 400K sources target a single client. Defending against headless browser DDoS. Advanced bots that execute JS and hold cookies.More than 5M unique malicious visits/week. More than 7M unique malicious visits/week. 16.0 14.0 12.0 10.0 8.0 6.0 4.0 2.0 0.0Jan2013 Feb2013 Mar2013 Apr2013 May2013 Jun2013 Jul2013 Aug2013 Sep2013 Oct2013 Nov2013 Dec2013 Jan2014 Feb2014 MillionsRequests/Minute +1 (866) 250-7659 info@incapsula.com
  • 8. On average, Incapsula recorded over 12 million unique DDoS bot sessions on a weekly basis, which represents a 240% increase over the same period in 2013. Unlike network DDoS attacks, Layer 7 attack sources can’t hide behind spoofed IPs. Instead they resort to using Trojan infected computers, hijacked hosting environments and Internet-connected devices. Large groups of such compromised resources constitute a botnet; a remotely controlled “zombie army” that can be used for DDoS attacks and other malicious activities. IP records of application DDoS offenders help us pinpoint actual geo-locations of active DDoS botnets and the non-secure infrastructures in which they thrive. Over the past 90 days, Incapsula’s records show that over 50% of all DDoS bots came from a group of 10 countries - with India, China and Iran accounting for over 25% of all malicious traffic. 2014: Emerging Trends Locations of Botnets and Vulnerable IT Infrastructures Introduction Research Methodology Network DDoS Attacks 2013: Overview 2014: Emerging Trends - Multi-Vector Threats - Attack Type Facilitates Growth - Weapn of Choice - NTP DDoS is on the Rise Application DDoS Attack 2013: Overview 2014: Emerging Trends - Botnet Geo-Location - “Shared Botnets” - Bots are Evolving - Common Spoofed User-Agents Looking Forward Incapsula 2013-2014 DDoS Threat Landscape Report 12.00% 10.00% 8.00% 6.00% 4.00% 2.00% 0.00% 9.59% India China Iran Indonesia US Thailand Turkey Russian Vietnam Peru 9.20% 7.99% 4.29% 4.26% 4.20% 3.89% 3.45% 2.88% 2.62% Top Attack Originating Countries Figure 2: Application Layer Weekly Attack Map +1 (866) 250-7659 info@incapsula.com
  • 9. Random sampling of attacking IP addresses uncovers large number of vulnerable privately-owned websites, many of which are using the WordPress CMS platform. However, it’s also not uncommon to trace the attack back to compromised servers of web hosting companies, websites of commercial organizations and educational institutions (.ac domains) or – in some cases - even government-owned assets (.org domains). The list of compromised resources also includes a wide variety of connected devices, typically CCTV surveillance devices, most of which are open to abuse through easily guessable default passwords. 29% of Botnets Attack More than 50 Targets a Month Continuous tracking of attacking IP addresses shows that DDoS botnets are being reused to attack multiple targets. On average, almost 29% of all compromised devices will attack more than 50 different targets each month, with 1.2% attacking over 200 different targets during the same period. Introduction Research Methodology Network DDoS Attacks 2013: Overview 2014: Emerging Trends - Multi-Vector Threats - Attack Type Facilitates Growth - Weapn of Choice - NTP DDoS is on the Rise Application DDoS Attack 2013: Overview 2014: Emerging Trends - Botnet Geo-Locations - “Shared Botnets” - Bots are Evolving - Common Spoofed User-Agents Looking Forward Incapsula 2013-2014 DDoS Threat Landscape Report These numbers provide an interesting glimpse at the mechanics behind “Shared Botnets”. Looking at the figures, one can clearly see that today DDoS resources are treated just like any other type of rentable infrastructure. At the same time, one can also assume that some of these resources change hands between members of the hacker community. Some even have multiple “owners”, with several "botnet shepherds" using the same compromised machine for several different purposes. In terms of proactive security, this data further validates the need for reputation-based security methods. Thus, by systematically collecting such data, one can better anticipate the intentions of a visitor, knowing that some should be treated with more suspicion than others. 60.4% 21.7% 10.8%5.9% 1.2% Less than 20 More than 20 More than 50 More than 100 More than 200 Number of Monthly Targets Per Botnet +1 (866) 250-7659 info@incapsula.com
  • 10. Bots are Evolving - Developing Immunity to Cookie and JavaScript Challenges 2013 brought abundant evidence of the increased sophistication of DDoS bots and other application DDOS threats. In the fourth quarter of 2013, Incapsula reported the first encounter with browser-based DDoS bots that were able to bypass both JavaScript and Cookie challenges - the two most common methods of bot filtering. Introduction Research Methodology Network DDoS Attacks 2013: Overview 2014: Emerging Trends - Multi-Vector Threats - Attack Type Facilitates Growth - Weapn of Choice - NTP DDoS is on the Rise Application DDoS Attack 2013: Overview 2014: Emerging Trends - Botnet Geo-Locations - “Shared Botnets” - Bots are Evolving - Common Spoofed User-Agents Looking Forward Incapsula 2013-2014 DDoS Threat Landscape Report This trend continues in 2014. Overall, in almost 30% of all recorded sessions, the DDoS bots Incapsula encountered were able to accept and store cookies, while 0.8% of these bots could also execute JavaScript. This data points to the reduced efficiency of these commonly used filtering methods. Even in the case of JS challenges, where the numbers are still typically low, the mere existence of "immune" offenders hints at the evolution we expect to see in the near future. To counter these challenges, Layer 7 mitigation processes should be based on a combination of more subtle methods, which assign a contextual risk score to the visitor’s identity and behavior patterns. Furthermore, given the reuse of attacking resources, approaches that make use of reputation data are also advised. Common Spoofed User-Agents DDoS bots are designed for infiltration. To that end, spoofed user-agents are often used to bypass low-level filtering solutions, based on the assumption that these solutions will not filter out bots that identify themselves as search engine or browsers. The list below details the ten most commonly spoofed user-agents. The top five entries belong to Baidu and Googlebot impersonators and variant of Microsoft IE browsers. When combined, these appear to be responsible for almost 85% of 69.3% 0.8% 29.9% Primitive Bots Accept Cookies Can Execute JavaScript DDoS Bots’ Capabilities +1 (866) 250-7659 info@incapsula.com
  • 11. all malicious DDoS bot sessions. However, it should also be noted that many DDoS offenders will employ “agentless” bots or bots with uniquely crafted headers that were not designed to mimic the signatures of other web clients. Looking at the list, one can immediately notice the prominence of “search engine mimics”. From a mitigation point of view, these represent the easiest of all application layer challenges, due to the highly predictable behavior patterns of real search engine bots as well as their predetermined points of origin. Introduction Research Methodology Network DDoS Attacks 2013: Overview 2014: Emerging Trends - Multi-Vector Threats - Attack Type Facilitates Growth - Weapn of Choice - NTP DDoS is on the Rise Application DDoS Attack 2013: Overview 2014: Emerging Trends - Botnet Geo-Locations - “Shared Botnets” - Bots are Evolving - Common Spoofed User-Agents Looking Forward Incapsula 2013-2014 DDoS Threat Landscape Report Top 10 Spoofed User-Agents Used by DDoS Bots Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html) Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Mozilla/5.0+(compatible;+Baiduspider/2.0;++http://www.baidu.com/search/spider.html) Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1) Mozilla/4.0 (compatible; MSIE 7.00; Windows NT 5.0; MyIE 3.01) Mozilla/4.0 (compatible; MSIE 8.00; Windows NT 5.0; MyIE 3.01) Mozilla/5.0 (X11; U; Linux i686; en-US; re:1.4.0) Gecko/20080808 Firefox/8.0 Mozilla/4.0 (Windows; U; Windows NT 5.1; zh-TW; rv:1.9.0.11) Mozilla/4.0 (compatible; MSIE 6.0; Windows 5.1) 33.0% 16.0% 13.0% 11.7% 10.4% 6.8% 6.5% 1.6% 0.2% 0.1% +1 (866) 250-7659 info@incapsula.com
  • 12. 2013 was a game-changing year for DDoS attacks, with higher-than-ever attack volumes and rapid evolution of new attack methods. Now, the perpetrators are looking to raise the stakes even higher by introducing new capabilities, many of which are specifically designed to abuse the weaknesses of traditional anti-DDoS solutions. As a result, in 2014, many IT organizations will need to re-think their security strategies to respond to latest Layer 3-4 and Layer 7 DDoS threats. In case of network DDoS threats, the escalated growth of attack volumes has already established demand for scalable cloud-based solutions. To accommodate that, we now are increasing our investments in Incapsula’s infrastructures; both to keep up with our growing customer base and buff up Incapsula’s network capacity. In Q1 2014 we’ve already activated three new datacenters which increased Incapsula’s network throughput to 630Gbps and we are committed to significantly expand on that over the course of the year. With respect to application layer DDoS, we foresee rapid evolution of intelligent traffic filtering solutions, driven by technological sopistication of current-gen DDoS bots. Today, most filtering options still rely on combinations of basic challenges, whose effectiveness is now gradually eroding. And so, it’s only a matter of time before a high-profile application layer attack will expose this issue, compelling organizations to seek better alternatives that rely on combination of challenge based and non-challenge based techniques. Incapsula is already heavily invested in developing such multi-layered mitigation solution and we are already use behavioral and reputational factors to provide context to visitors’ actions and motivations. Combined with major updated of our backbone infrastructures, these will allow us to provide comprehensive DDoS protection services, helping us clients meet both current and future challenges Introduction Research Methodology Network DDoS Attacks 2013: Overview 2014: Emerging Trends - Multi-Vector Threats - Attack Type Facilitates Growth - Weapn of Choice - NTP DDoS is on the Rise Application DDoS Attack 2013: Overview 2014: Emerging Trends - Botnet Geo-Locations - “Shared Botnets” - Bots are Evolving - Common Spoofed User-Agents Looking Forward Incapsula 2013-2014 DDoS Threat Landscape Report Looking Forward Figure 3: Incapsula’s data center deployment map. New facilities are in green. +1 (866) 250-7659 info@incapsula.com