DDoS attackers seem to have switched their attention from banks to gaming hosts, ISPs and even enterprises, half-year figures from Chinese mitigation vendor NSFOCUS have confirmed.
The firm’s recent statistics show that the peak for DDoS attacks on banks happened in the first half of 2013 when they accounted for an extraordinary 45 percent of all attacks, with enterprises second in the target list at around 25 percent.
By the second half of last year, this had started to change with bank attacks slipping under 10 percent - this has since dropped to fractions of a percent. If banks are now off the menu, online gaming and ISPs are suddenly popular, rising in the first half of 2014 to 10 percent and nearly 15 percent of attacks respectively.
“This indicates how ‘trendy’ profit-driven hackers can be when selecting their attack prey, choosing the most ripe target for the times,” said NSFOCUS’s researchers.
Oddly, the firm omits to offer a more detailed explanation for these trends in DDoS attacks, so let’s speculate to fill in some of the blanks.
The wave of bank DDoS attacks in early 2013 was part of a wider assault on the sector, which probably had both political and financial motivations. From one side, Iranian actors were said to be hitting US firms as part of a cyberwarfare campaign that had started in 2012. From the other side, criminals started using DDoS as a distraction exercise while they attempted to transfer funds from compromised bank accounts. Both were eventually contained, or so it seems.
This year’s spike in attacks on gaming sites seems to be spurred by the actions of individual hacking groups that want to disrupt a multi-billion online industry, a good example of which would be last week’s ‘Lizard Group’ attack on Destiny, Call of Duty: Ghosts, and Sony’s PlayStation Network (PSN). They do it because they can - this kind of DDoS attack is now a cheap commodity.
As for ISPs, these attacks are more significant and probably relate to probes against the infrastructure that holds up many online services. ISPs offer a good test bed for new types of attack.
NSFOCUS also reports that attack duration is now holding steady with 93.5 percent of attacks lasting 30 minutes or less. Longer-lasting attacks remain curiosities, including a single attack in the first half of 2014 that persisted for an extraordinary 228 hours. Only 5 percent of attacks exceed 4Gbps.
Other firms have reported on two far more alarming DDoS trends, namely a sudden spike in massive attacks exploiting server vulnerabilities and protocols such as DNS, NTP, and even SNMP. A good example of where this could be leading came with news of a 300Gbps peak attack on an unidentified data centre, reported in August by Verizon.
A second aspect of this is the possibility of combining different types of reflection attack into one larger and more complex attack. This happened for the first time (as far as is known) later the same month when Australian data centre Micron21 found itself on the receiving end of a ‘CDRDos’ storm.