Every month in this space, we will post the Global DDoS Threat Landscape blog on behalf of the Imperva Threat Research team. As DDoS attacks continue to pose a significant risk to businesses, it is critical that we regularly communicate our Threat Research team’s findings to help the cybersecurity community stay prepared for the next DDoS attack.
Report highlights
- The largest Layer 7 DDoS attack Imperva mitigated in September targeted a European financial services organization. The attack lasted eight minutes and measured 1.1 million requests per second (RPS).
- The largest Layer 3 or 4 attack Imperva mitigated in September was an attack on a communications technology company measuring 707 gigabits per second (Gbps) at its peak. The attack lasted one minute and 36 seconds.
- The largest attack by total million packets per second (Mpps) measured 144 Mpps and lasted one hour and 24 minutes.
- Layer 7 DDoS attacks on Russian sites were down again this month with a drop of 53% from August. Layer 7 DDoS attacks on Ukrainian sites were down for the first time since June, dropping by 17% from August to September.
Geo-political DDoS threat landscape
- Layer 7 DDoS attacks on Russian sites were down again this month with a drop of 53% from August. As the Russia-Ukraine conflict continues, government-sponsored cyber units may refocus efforts elsewhere. Hacktivists, who were called on to target Russia for Ukraine’s cause early in the war, have probably moved on to more lucrative targets by now.
- Similarly, Layer 7 DDoS attacks on Ukrainian sites were down for the first time since June, dropping by 17% from August to September.
- The most impacted industries in Ukraine were Legal and Government sites, which were surprisingly targeted almost five times as frequently in September as in the previous month. This was due to a targeted attack against a bank in Ukraine, which lasted nearly 11 hours in total.
- Layer 7 DDoS attacks on Financial Services targets in Russia dropped by 57% from August to September.
- Attacks on accounts in China rose by 40% in September, although overall attack numbers have been much lower this year than last. This may be due to a refocus of efforts towards Ukraine, or because attackers aren’t making as much money from Chinese sites anymore.
- The top countries for Layer 7 DDoS attacks on Ukrainian targets were Germany, the United States, and Hong Kong, followed closely by the United Kingdom and Singapore.
Application Layer DDoS attacks
Layer 7 DDoS attacks dropped by 15% from August to September, in contrast to the previous month, when attacks had increased by 12%.
In the United States, 72% of all Layer 7 DDoS attacks originated within the US, followed by Hong Kong with almost 12% of attacks. Most DDoS attacks use IPs based in the target country, so high numbers of US IPs track with what we know of attackers’ TTPs.
The United States dominated the countries targeted by application DDoS attacks in September, accounting for almost 60% of the attacks.
Attack duration
Almost 68% of all Layer 7 DDoS attacks lasted under one hour, with 36% of those lasting 15 minutes or less.
Application Layer DDoS attacks by industry
- Layer 7 DDoS attacks on financial services targets were down by 23% in September vs the previous month.
- In contrast, Layer 7 DDoS attacks targeting financial services in the US increased by 40% between August and September.
- In France, the retail sector saw a 17% increase in the number of Layer 7 DDoS incidents between August and September.
- Layer 7 attacks targeting the travel sector saw a sharp increase of 123% in September compared to August.
- The top targeted industries for Layer 7 DDoS attacks were financial services, retail, and computing & IT. Almost half of all application DDoS attacks in September targeted these industries.
Network Layer DDoS attacks
- The number of Layer 3 and 4 DDoS attacks decreased by 41% from August to September.
- The top 3 targeted countries for Layer 3 and 4 DDoS attacks in September were the United States, Germany and Taiwan.
Attack vectors
- 74% of Layer 3 and 4 attacks in September consisted of a single vector. 19% of attacks were made up of two or three vectors, with only 6% having four or more vectors. This shows that the majority of attacks were not high-level attacks, since attackers who are determined to take down a site often combine multiple vectors to make the attack harder to mitigate.
Attack duration
- 76% of all Layer 3 and 4 attacks in September lasted 30 minutes or less, with over 60% lasting under seven minutes. 17% of all Layer 3 and 4 DDoS attacks lasted more than one hour.