HTTP DDoS Attacks Still Reign Supreme

Despite the media’s love-affair with Anonymous style cyber-anarchy and vigilante-hacktivism, the vast majority of DDoS attacks are carried out by criminals seeking financial gain, not activists, according to a new research report.

Despite the media’s love-affair with Anonymous style cyber-anarchy and vigilante-hacktivism, the vast majority of DDoS attacks are carried out by criminals seeking financial gain, not activists, according to a new research report.

The top four targets of DDoS attacks in the second quarter were online shopping, gaming, stock exchange and banking sites, in that order, accounting for 69 percent of all DDoS attacks, according to the report on botnet activity from Kaspersky Lab. As for the “hacktivism” that’s gotten a lot of coverage lately, the bottom four spots on the list (excluding the one percent designated ‘other’) are transport, other business related and government sites respectively, accounting for a mere seven percent of attacks.

That said, the new report only accounts for botnet-driven attacks. Those popularized by Anonymous, which use the Low Orbit Ion Cannon (LOIC) DDoS tool, are not accounted for in this report.

Alarmingly, attacks on ‘blogs and forums’ and the ‘mass media’ accounted for eight percent and seven percent respectively, perhaps evidence of individuals and groups launching DDoS attacks in order to silence media channels, or more broadly, opinions with which they disagree.

On an interesting note, the analysis found that Tuesday is the most popular day of the week to launch a DDoS attack (closely followed by Wednesday, Monday and Thursday, in that order). Sunday is the least popular day to launch such attacks, Friday the second least and Saturday the third least popular. Also interesting is the author’s belief that as the summer holiday season comes to an end, more zombie machines will come back into use, making DDoS attacks all the more potent.

Seventy-two percent of attacks were aimed at IP addresses rather than specific domains.

HTTP flood attacks where massive amounts of HTTP requests are sent to targeted site in a short period of time, crippling the site, remain, by far, the most popular method of DDoSing.

Suggested articles

Discussion

  • Reto Muller on

    Excellent synopsis of what we have been seeing as of late in the DDoS proliferation scene!

    I would only add two things tha may serve as a reason for some of the above outlined "trends": i.) there's persistent evidence that the cost of launching a DDoS attack is getting quite low: $50/day for 5000 machine botnet - opening doors to all kinds of ill-doers (the compettion, bored students, blackmailers, whoever...) to target even very small online operations and, ii.) it is getting increasingly easy to launch such attacks - you don't need to be any kind of expert anynore - spend an evening in google, you will source all you need to harm your victim.

    All in all, I expect we shall soon witness a situation where DDoS Protection (or some kind of it) wil become a mandatory offering of all hosting companies.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.