News Feature | December 3, 2014

Black Lotus Report Shows DDoS Volume Decreasing But Sophistication Of Attacks Increasing

Christine Kern

By Christine Kern, contributing writer

Data Security

A new report from Black Lotus, a provider of distributed denial of service (DDoS) protection, shows that attackers are using less bandwidth to cause trouble but are getting smarter about how their attacks work. The report found that the most likely source for new DDoS attacks will be Vietnam, India, and Indonesia in 2015, according to a press release. Although these nations lack bandwidth to launch massive DDoS attacks, they do have a high volume of compromised end-point devices, which can be utilized in botnet attacks. In Q3 2014, China was the leading source of DDoS attacks, followed by the United States and Russia.

The report collated data from Black Lotus’ network logs to analyze the results for trends in attack size, duration, method, source, and other categories. It found that between July 1 and September 29, 2014, Black Lotus customers experienced a 96 percent decrease in bit volume attacks in comparison with the rest of 2014, attributed to the use of more complex methods of attack.

“DDoS attacks continue to fall in size and frequency in 2014, making them easier to handle for tier one carrier networks with excess capacity, but still tricky to manage for organizations with less bandwidth,” said Shawn Marck, co-founder and chief security officer of Black Lotus in the press release. “The widespread education of ways to thwart NTP caused attackers to resort to tried and true blends of SYN flood and application layer attacks, which are very difficult to mitigate using conventional network hardware as these types target the same port needed to serve legitimate users.”

A study earlier this year also suggested that DDoS attacks are being used more frequently as a smokescreen, distracting organizations while malware or viruses are injected to steal money, data, or intellectual property, as Business Solutions Magazine reported.

In its Q2 report, Black Lotus was already warning of the rise in SYN flood attacks, which are difficult to stop without the appropriate commercial DDoS mitigation hardware or services, according to Business Solutions Magazine.

The Q3 report also found:

  • Rather than using volumetric attacks to overwhelm servers, organizations should be wary of cyber attackers targeting crucial ports to thwart legitimate traffic from reaching online destinations.
  • 73 percent of the 201,721 Q3 2014 attacks were severe, nearly half of which were SYN flood attacks and 15 percent targeted Web servers (HTTP) and domain name services (DNS), which result in site outages and are extremely difficult to mitigate without professional assistance.
  • Attack methods have shifted from large volumetric network-based attacks to complex attacks using multiple vectors, with both application layer attacks and SYN flood attacks blended together; thus security practitioners must leverage intelligent DDoS mitigation rather than budgeting extra network bandwidth.