Big thanks to Akamai and Incapsula for providing the community with a DDoS trends report detailing the specific types of DDoS attacks. The key takeaway is the attacks are getting more sophisticated where attackers launch multi vector attacks to mask certain types of attacks. Multi vector attack simply means two or more types of attacks happening concurrently or one after the other.
The sophisticated DDoS attacks can be classified as advanced persistent threats (APT), since they happen for weeks at a time, and where the attacker shifts the type of attack when one type of attack fails. Akamai and Incapsula provide the number of attacks, types of attacks, and the changing methods attackers use over time on their networks. For Akamai, volumetric DDoS attacks remain the most prevalent, and are used to sometimes cloak smaller but more lethal application layer attacks. Ultimately, the attacker is a highly skilled tactician that enjoys playing minds games, and the Akamai and Incapsula network are his chess board. For the unprepared it will be checkmate in no time. Below is the Akamai and Incapsula DDoS trends report snapshot.
Akamai Recent DDoS Trends
- Majority of attacks on the Akamai network are volumetric DDoS attacks
- New attack kind observed, multi- vector attack consisting of Slow DoS and HTTP GET/POST Attack
- Common multi vector attack are DDoS attack and Layer 7 Application attacks such as cross site scripting, SQL injection, system command injection, and few others
- Peak attack experienced on Akamai network recently is 4,000 HTTP Get/POST hits per second originating from several hundred globally distributed IP’s that generated 70M hits in short amount of time
- Countries that are the top source of attack include 79M hits from Korea, 46M hits from USA, and 18M hits from Taiwan
- New favorite tool for attack is the “Dirt Jumper attack toolkit family, with majority being Type 4 attack
- Â Percentage of attack tools used are 47% Dirt Jumper Type 4, 37% LOIC/HOIC and 16% Dirt Jumper Type 0, 1, 2
- Akamai WAF stopped Slow DoS attacks
- Akamai has the capability to protect customers against Slowloris and Slow TCP attacks
- Percentage of attack types is 67% Remote File Access Attempts, 15% HTTP Policy Violations
 Incapsula DDoS Trends for 2014
- Most common attack type Incapsula experienced in 2014 is a multi vector attack consisting of regular SYN flood attacks and large SYN flood attacks (greater than 250 bytes)
- Percentage of the number of multi vector attacks are the following: 2 vector attacks accounted for 41% of the attacks, 3 vector attack 32% and 4 vector attack is 4%
- Incapsula observes that in 2014 there is a greater shift to NTP amplification attacks has such as Cloudbeen observed
- 12M unique DDoS bots hit Incapsula’s network weekly