DDoS attacks were 47% more frequent in Q1 of 2014 than in Q1 of last year, according to a report by Akamai Technologies and the recently acquired Prolexic. The study, Prolexic Q1 2014 Global DDoS Attack Report, also revealed a 50% decrease in average attack duration, from 35 hours to 17 hours when comparing Q1 2014 to the same quarter last year.
“Innovation in the DDoS marketplace is resulting in tools that inflict more damage with fewer resources,” the report states. “Q1’s high-volume attacks were made possible by the availability of easy-to-use DDoS tools from the DDoS-as-a-service marketplace. These tools can be used with minimal skills on the part of the attacker.”
Infrastructure and application attacks
Infrastructure attacks were 68% more frequent in Q1 of 2014 compared to the same quarter last year, but application attacks were 21% less frequent over the same two periods.
“In the first quarter of the year, infrastructure layer attacks took a more dominant position over application layer attacks, a change from the recent historical trends,” according to the report. “This trend echoes the increased availability and convenience of DDoS attack tools and DDoS for-hire sites that use infrastructure-based attack methods.”
Increased peak bandwidth
Comparing Q1 2014 to the same quarter last year, the report revealed a 133% increase in average peak bandwidth. However, the report also revealed a 9% decrease in average attack bandwidth over the same period.
“Q1 2014 DDoS attack campaigns were as disruptive as those from the previous year,” the report notes. “The major difference was the attack execution style: malicious actors delivered more frequent DDoS attacks with higher packet per second rates than a year ago.”
When, where, who
Over Q1 the media and entertainment industry was the most likely to be attacked, comprising 50% of all DDoS attacks. The software and technology industry comprised 17% of all attacks, the second-most of any industry.
Twenty-one percent of all DDoS attacks during Q1 originated in the United States, and 19% of all attacks originated in China.
The largest DDoS attack in history occurred in February, when web hosting firm OVH peaked at 400Gb/s. Blogging website WordPress was attacked in March, when 100,000 Wordpress websites were conscripted into a botnet that forced them to inadvertently launch DDoS attacks.