Cyber-security vendors are revealing their statistics for the third quarter (Q3) of 2015, and a popular topic is DDoS attacks, a tactic widely used to mask more serious intrusions, to extort companies, or to annoy or sabotage competitors.
We have aggregated for you data from two different DDoS reports that came fromKaspersky Lab’s DDoS Intelligence Report Q3 2015, and from Imperva’s Q3 2015 Global DDoS Threat Landscape Report.
Kaspersky Lab Report – key findings
Maybe the most interesting fact in the whole report is the rise of Linux-powered machines involved in launching DDoS attacks. While a month ago we saw the first clues of a Linux-targeting malware used to add Linux servers to a global DDoS botnet, there seem to be more similar tools activating on the market outside XOR. Kaspersky says that 45.6% of all recorded DDoS attacks were launched from Linux computers.
Furthermore, the cyber-security company recorded an attack against one of its clients that lasted a whopping 320 consecutive hours (2 weeks), and another company in Holland that was hit 22 times.
Outside these out of the ordinary cases, most incidents were of a lower bandwidth, lasted less than 24 hours, and 91.6% of attacks targeted users living only in 10 countries: China, the USA, South Korea, Russia, Vietnam, Croatia, Canada, Japan, Holland, and France.
China, the US, and South Korea were also the top sources of attacks as well, while the most common DDoS attack types were the ones that employed SYN, TCP and HTTP packets.
Imperva Report – key findings
Imperva, on the other hand, noted a 108.5% increase in network layer DDoS attacks compared to Q2 2015, mitigated at least one 100+ Gbps attack per day, and recorded an incident with a peak bandwidth of 260 Gbps.
At the application layer, Imperva noticed that 62.3% of all DDoS bots were hiding at the browser level.
As in the Kaspersky report, China was ranked as the main source of DDoS attacks, while the US was the main target of most of the attacks.