Help Net Security - Daily information security news with a focus on enterprise security.
Help Net Security
June 25, 2020

Duration of application DDoS attacks increasing, some go on for days

There were seven major application DDoS attacks over the previous month — two of which lasted 5-6 days, Imperva reveals.


Additionally, the team found that 47% of account takeover (ATO) attacks were aimed at loyalty programs and streaming services, where bad actors attempted to use stolen credentials to gain unauthorized access to online accounts to carry out malicious actions such as data theft, identity fraud or fraudulent e-commerce transactions.

The report also showed continued signs of site traffic recovery across various industries following the lift in shelter-in-place orders, as schools across the world reopened and employees returned to workplaces.

Increasing length of application DDoS attacks

Seven major application DDoS attacks over 150,000 requests per second (RPS) were identified. Two of the attacks lasted five and six days consecutively — an unusual occurrence, as most (70% of those in May) DDoS attacks typically last less than 24 hours.

While the average DDoS event in April originated from 300 IPs, these two major events came from 28,000 and 3,000 unique IPs. Additionally:

  • The most targeted industries overall were news (38%), business (25%) and financial services (19%).
  • Top countries from which DDoS attacks originate are China (26%), US (15%) and the Philippines (7%).

ATO attacks are focused on loyalty program cards and streaming services

Out of the total ATO attacks, 47% were aimed at loyalty programs and streaming services. In one example, 13.5 million ATO attempts were registered over three days.

Across all ATO attacks, the average attack size per site was about 100,000 attempts, distributed over 2,000 IPs on average. This means that each IP sent no more than two requests per day, which classifies these as “low and slow” attacks — where a botnet uses multiple devices, each sending only a handful of requests, to disguise its attack as legitimate traffic.
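The following detection sketch is an added example, not code from Imperva or the report: it shows why a per-IP failure limit misses a "low and slow" ATO campaign while an aggregate view of failed logins across many source IPs catches it. The event layout, thresholds and sample data are constructed assumptions.

```python
from collections import Counter, defaultdict

def build_sample_events():
    """Constructed data: (epoch_s, source_ip, username, success) tuples."""
    events = []
    for i in range(200):                      # 200 bot IPs, 2 failed logins each
        for j in range(2):
            events.append((i * 200 + j * 43000, f"198.51.100.{i}", f"user{i}_{j}", False))
    for k in range(20):                       # 20 normal users, 3 good logins each
        for n in range(3):
            events.append((k * 1000 + n * 100, f"203.0.113.{k}", f"staff{k}", True))
    events.append((50, "203.0.113.0", "staff0", False))   # one honest typo
    return events

def per_ip_offenders(events, max_failures_per_ip=10):
    """Classic per-IP rate check: IPs with more failures than the limit."""
    fails = Counter(ip for _, ip, _, ok in events if not ok)
    return sorted(ip for ip, n in fails.items() if n > max_failures_per_ip)

def distributed_failure_windows(events, window_s=86400, min_ips=100,
                                max_per_ip=5, min_fail_ratio=0.5):
    """Flag windows where many IPs each fail a few times and failures dominate."""
    buckets = defaultdict(list)
    for ts, ip, user, ok in events:
        buckets[ts // window_s].append((ip, user, ok))
    alerts = []
    for window, rows in sorted(buckets.items()):
        fails = [(ip, user) for ip, user, ok in rows if not ok]
        per_ip = Counter(ip for ip, _ in fails)
        quiet_ips = sum(1 for n in per_ip.values() if n <= max_per_ip)
        ratio = len(fails) / len(rows)
        if quiet_ips >= min_ips and ratio >= min_fail_ratio:
            alerts.append({"window": window, "failed": len(fails),
                           "source_ips": len(per_ip),
                           "usernames": len({u for _, u in fails}),
                           "fail_ratio": round(ratio, 2)})
    return alerts

EVENTS = build_sample_events()

if __name__ == "__main__":
    print("per-IP offenders:", per_ip_offenders(EVENTS))
    print("distributed alerts:", distributed_failure_windows(EVENTS))
```

On the constructed data the per-IP check returns nothing, while the one-day window is flagged because failures from roughly 200 quiet IPs outnumber successful logins.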

COVID-19 affects cyber traffic and attack trends, while recovery continues

As the coronavirus crisis escalated, changes in traffic and attack trends across multiple industries and countries were previously examined. In May, as more countries reopened schools and fewer students were at home, overall traffic to education sites went down by 20%.

Additionally, with many returning to work and spending more time commuting, the use of entertainment sites — specifically radio streaming services — increased by 11% overall.

Cloud platforms and automated tools: The main source of attacks against govt sites

Cloud platforms and automated tools are the main source of attacks against government sites in the United States. A total of 65% of the attacks against law and government sites in the US originated from cloud platforms using automated tools written in the Python programming language.

Database vulnerabilities spike

Ten new database vulnerabilities were published in May, and almost half held a high severity score of greater than seven, with one reaching a critical score of greater than nine per the Common Vulnerability Scoring System (CVSS). Most of the vulnerabilities were published on May 12, 2020 as part of SAP Security Patch Day.


Overall Cyber Threat Index score remains at a ‘high’ level

Although the number of attacks declined by 28%, the Cyber Threat Index score went up by 32 points due to more high- and medium-risk vulnerabilities and an increase in high volume and longer duration DDoS attacks.

“In May, we were surprised to find two unusually long DDoS attacks lasting 5-6 days. As methods to carry out DDoS have become more advanced, leading to increased accessibility to those with no technical skills, we have historically seen that most attackers would rather not waste time and resources on achieving their proof of impact,” said Nadav Avital, head of security research at Imperva.

“For example, in Imperva’s 2019 Global DDoS Threat Landscape Report, we found that about 29% of attacks lasted 1-6 hours while 26% lasted less than 10 minutes. Longer attacks — such as the ones conducted in May — suggest they are the work of more professional bad actors who use their own botnets to carry out persistent assaults.”



