UK second only to US in DDoS attacks

Distributed denial of service attacks on UK organisations have eased from a peak in the fourth quarter of 2015, but the UK remains the world’s second most targeted country

The UK is second only to the US as a target of distributed denial of service (DDoS) attacks aimed at vandalism, disrupting businesses or extorting money from them, a report reveals.

The US still accounted for most of the first-quarter DDoS attacks (50.3%), followed by the UK (9.2%), Japan (6.7%) and Germany (3.1%), according to security firm Imperva’s latest DDoS threat report.

While US DDoS attacks have increased steadily in the past year, the report shows a spike in the UK to 23% of all DDoS attacks monitored by Imperva in the fourth quarter of 2015, when there was an increase in cyber extortion attempts.

While most attacks in the UK targeted small and medium-sized organisations, the report said this trend also translated into several high-profile assaults, including takedowns of the BBC, HSBC UK and the Irish National Lottery.

Overall, the report shows that DDoS attacks increased in frequency and more than doubled in number compared with the previous year. The rise was fuelled by DDoS-for-hire services, which accounted for 93% of attacks in the first quarter of 2016, up from 63.8% in the second quarter of 2015.

More than 40% of targets were attacked more than once, and 16% were targeted more than five times, the report said. Repeated attacks have increased from 29.4% in the third quarter of 2015 to 49.9% in the first quarter of 2016.

This highlights the tenacity of DDoS offenders, many of whom persist in trying to take a target down even after multiple failed attempts, said Imperva analysts.

Imperva Incapsula mitigated an average of 445 attacks a week from 1 April 2015 to 31 March.

In that period, the number of both network and application layer attacks doubled, but although application layer assaults accounted for 60% of attacks, this type of DDoS attack is trending downward, dropping by more than 5% compared with the year before.

Network layer attacks hit a new high in the period under review, with the largest assault peaking at 470 gigabits per second (Gbps).

If this trend continues, the Imperva analysts said network layer attacks could be as common as their application layer counterparts by 2018.

The report shows DDoS attacks are also growing in size, with multiple attacks exceeding 200Gbps, making them almost a regular occurrence.

At the same time, DDoS attackers are experimenting with new attack methods in an attempt to circumvent security measures, the report said, with researchers coming across multiple examples of new application layer assaults crafted to bypass mitigation systems.

One prominent case involved a uniquely executed HTTP flood attack, in which the target was bombarded by abnormally large upload requests.

According to Imperva analysts, the attack exploited a nuanced soft spot of hybrid DDoS mitigation setups, highlighting the degree of understanding some perpetrators now have about the inner workings of anti-DDoS measures.

Advanced attack bots

The trend was also exemplified by an increased use of advanced attack bots, which exhibited browser-like traits, including being able to retain cookies and parse JavaScript, the analysts said.

Imperva said that on average, 24% of DDoS bots were so-called advanced attackers that could bypass at least some rudimentary security tests. In the first quarter of 2016, their number rose to a record high of 36.6%.

The Imperva report coincides with a DDoS attack on US game developing firm Blizzard Entertainment.

The company said in a tweet: “We continue to actively monitor an ongoing DDOS attack against network providers, affecting latency/connections to our games.” It later said the problem had been resolved.

This is not the first time Blizzard has been targeted by DDoS attacks. In the past, they have affected the availability of games such as Overwatch and World of Warcraft.

Gaming servers targeted

“Gaming servers are a top target for DDoS assaults,” said Ofer Gayer, product manager for DDoS at Imperva. “They have been hit by some of the largest and longest attacks on recent record.

“Since online gaming platforms are highly sensitive to latency and availability issues, they are ideal DDoS attack targets.”

Mitigating DDoS on game servers is a particularly complex task, said Gayer. “Gamers are very sensitive to the impact on latency, so what may be considered negligible for most services can be very frustrating for the gaming community.

“This can be affected by multiple factors, most prominently the distribution of scrubbing locations and time to mitigate.” 

According to Imperva research in the past three years, 45% of gaming sites were attacked, and 75% are likely to be attacked again.
