Q2 2014: Malicious actors switch tactics to build, deploy and conceal powerful botnets
Server-side botnets prey on web vulnerabilities, reflection attacks continue to let attackers do more with less
From April to June 2014, DDoS attack activity remained near the first quarter’s record-setting levels. Compared to Q2 a year ago, average bandwidth was up 72 percent, and peak bandwidth increased 241 percent, while attack duration was only half as long. Attacks of the type mitigated by Prolexic (now part of Akamai) in Q2 pose a significant danger to businesses, governments and other organizations that risk having an entire data center made unavailable for the duration of an attack.
The powerful attacks in Q2 were largely fueled by reflection-based attacks that misuse common Internet protocols on open and vulnerable servers and server-side botnets that take advantage of web vulnerabilities in instances of Linux, Windows, and content management systems (CMSs) such as WordPress, Joomla and their plugins. With server-based attacks, malicious actors can cause more damage with fewer resources.
Learn about what – and who – is behind these DDoS trends. In addition to year-over-year and quarter-over-quarter metrics, you’ll also learn about indicators of a resurgence of the Brobot botnet, the new trend in server-side botnet construction, and details of two large DNS flood attacks.
The Q2 2014 report covers:
- Analysis of recent DDoS attack trends
- Breakdown of average Gbps/Mpps statistics
- Year-over-year and quarter-by-quarter analysis
- Types and frequency of application layer attacks
- Types and frequency of infrastructure attacks
- Trends in attack frequency, size and sources
- Where and when DDoSers launch attacks
- Case study on server-side botnet construction based on Web vulnerabilities. Learn why Brobot attacks may resume at any time.
- Spotlight on a May attack campaign involving Domain Name Service (DNS) query floods and a SYN attack
Register to download the full DDoS attack report >>>
About the Prolexic Security Engineering & Research Team (PLXsert)
PLXsert monitors malicious cyber threats globally and analyzes these attacks using proprietary techniques and equipment. Through research, digital forensics and post-event analysis, PLXsert is able to build a global view of security threats, vulnerabilities and trends, which is shared with customers and the security community. By identifying the sources and associated attributes of individual attacks, along with best practices to identify and mitigate security threats and vulnerabilities, PLXsert helps organizations make more informed, proactive decisions. To learn more about PLXsert, please contact email@example.com or call +1 (888) 368 2923.
Register for the Q2 2014 Global DDoS Attack Report
* Required field